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Chapter  1 

Outline 


The  executable  translator  is  built  from  the  following  sources: 

•  A  collection  of  auxiliary  C-h-f  classes  and  utilities  residing  in  .h  and  .cc  files. 

•  A  file  grammar .  1  that  serves  as  one  of  the  inputs  to  Ox  and  amounts  to  a  Lex  input  specification 
for  RSML. 

•  A  set  of  noweb  files  (named  with  extension  nw)  that  are  notangled  to  produce  grammar,  cc,  which 
serves  as  the  other  input  to  Ox.  These  files  define  attributes  and  traversal  actions. 

To  make  translator  from  these  pieces  one  needs  Ox  (which  itself  requires  either  Yacc  or  Bison,  and 
either  Lex  or  Flex);  notangle;  and  a  C-I-+  compiler,  to  compile  the  output  from  Ox.  This  document 
contains  the  following  things: 

•  A  grammar  for  RSML,  in  chapter  2 

•  The  noweb  outline  for  generating  grammar-cc.tex,  in  chapter  3. 

•  The  definitions  of  the  grammars  tokens  and  operator  precedence,  in  chapter  4. 

•  Declarations  of  the  “basic”  attributes,  in  chapter  6. 

•  Definitions  of  attributea,  in  chapter  7. 

•  The  partially  filled-in  template  for  encoding  RSML  models  as  EVES  theories,  in  chapter  8.  This 
includes  the  definitions  of  attribute,  auxiliary  functions,  and  traversals. 

•  The  lex  file  for  parsing  RSML,  in  chapter  11 

•  The  auxiliary  C-h-f  code,  in  chapter  12 

•  The  makefile  for  code  and  documentation,  in  chapter  13. 

A  sample  invocation  of  translator  from  the  command  line  looks  something  like 


1 


translator  -ixc  -e  -s  blort 

where  blort  is  the  name  of  the  RSML  definition  to  be  translated.  The  parameters  x,  c,  e,  and  s  set 
'^traversal  switches’’— and  each  traversal  generates  an  encoding  of  blort  for  some  formal  analysis  tool. 
In  the  current  implementation,  the  very  first  switch  must  always  be  i,  which  codes  a  special  traversal 
that  initializes  certain  global  data. 


2 


Chapter  2 

The  grammar  of  RSML 


/* - 

*  SYSTEM 

♦ 

*  A  system  is  a  collection  of  compnents 
*/ 


system 

:  SYSTEM  SYSTE^LNAME  ’ : > 
component _list 

END  SYSTEM 

SECTION^SEPARATOR 

» 

component_list 

:  /*  empty  */ 

I  component_list  component_def 

/* - 

*  COMPONENTS 

* 

*  A  component  does  not  have  to  serve  any  purpose  and  the  body  of  the 

*  component  can  be  left  empty.  A  strict  ordering  of  the  parts  of  a 

*  components  is  enforced.  The  main  reason  for  this  action  is  the  need  for 

*  a  structured  approach  to  typechecking/declaration/use  checking. 

*/ 

component _def  :  COMPONENT  COMPONENT.NAME  » :  ^ 

END  COMPONENT 

I  COMPONENT  COMPONENT^NAME  ^ » 
state_def 
constant_def _list 
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event^def _list 
in_variable_def_list 
out_variable_def _list 
in„iiiterface_def_list 
out_interface_def_list 
macro_def _list 
f unct ion_def _list 

transit ion_ or^trans it ion_bus_def_list 
END  COMPONENT 


component_location  :  C0MP0NENT_NAME 

I  EXTERNAL 

j 

- 

/♦  States  */ 

/* - 


/*  If  a  component  has  a  body  it  has  to  contain  some  state.  An  empty  ♦/ 
/*  state  space  is  not  allowed  */ 


state.def  :  OR_STATE_TQKEN  STATE_NAME  DEFAULT  STATE_NAME  ’ : ’ 

state_chcirts_list 
END  OR_STATE_TOKEN 
I  AND_STATE_TOKEN  STATE.NAHE  ’ :  ’ 
state_charts_list 
END  AHD_STATE_TOKEN 
I  OR.ARRAY  STATE.NAME 
INTEGER  >] ’  ’ 

state_charts_Iist 
END  OR.ARRAY 
I  AND.ARRAY  STATE.NAME 
INTEGER  ’]>  > 

state.charts.list 
END  AND.ARRAY 
I  ATOMIC  STATE.NAME  ’ :  ’ 

I  CONDITIONAL  STATE.NAME  ’ : ’ 

» 

state_charts_list  :  state_def 

I  state_charts_list  state^def 


/*  For  IN_0NE_0F  predicates  */ 
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state^list  :  STATE^NAME 

I  state.list  STATE_NAME 


/*  For  transition  locations,  IN  STATE  predicates  */ 
siinple_state_path  :  STATE_NAME 

I  simple_state_path  ’ .  ^  STATE^NAHE 
» 

state.path  :  STATE_NAME  ’[’  parameter  ' 

I  STATE_NAME  parameter  simple_state_path 

I  simple_state_path  STATE_NAME  parameter 
I  simple_state_path  ’ ,  * 

STATE_NAME  parameter 
simple_state_path 
1  simple_state_path 

/*  currently  not  used  -  Vivek  -  3/31  ♦/ 


state„path_ref  :  PREV  REAL  state^path 

i  state_path 

- 

/*  Constants  */ 

/* - 

constant ^def  :  CONSTANT  CONSTANT.NAME  ^ ^ 

VALUE  ’ : ’  REAL 
END  CONSTANT 

I  CONSTANT  CONSTANT^NAHE  ' :  ' 

VALUE  REAL 

END  CONSTANT 


constant_ref  :  CONSTANT_NAME 

f 

const ant _def _list :  /*  empty  */ 

I  constant _def_list  constant_def 

f 

/if. - 

/*  Variables  */ 

- ^/ 
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in_variable_def 
expect ed_min 


VARIABLE  IN_VAR^NAME  ’ :  ’ 
TYPE  NUMERIC 

expect ed^max 
min_gran 


max_gran 

END  IN_VARIABLE 

/*  I^m  not  sure  if  we  suport  parameterized  vars  in 
the  simulator.  Hence  I^m  commenting  this  out  for  now. 
-  Vivek  -  6/8/95 

I  IN_ VARIABLE  IN.VAR.NAME 
TYPE  NUMERIC 

expected_min 

expect ed^max 

min^gran 

max^gran 

END  IN.VARIABLE 

*/ 


out_variable_def 
expect ed_min 


OUT^ VARIABLE  OUT^VAR.NAME 
TYPE  ' : '  NUMERIC 

expect ed_max 
min^gran 


max_gran 

ASSIGNMENT  * :  ’  expression 
TRIGGER  ' : ’  event _ref 
END  OUT^ VARIABLE 

/*  I'm  not  sure  if  we  suport  parameterized  vars  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
-  Vivek  -  6/8/95 


expect ed_min 


1  OUT^VARIABLE  OUT_VAR.NAME  ' 
TYPE  NUMERIC 


expected_max 

min^gran 


max_gran 

ASSIGNMENT  ’ :  ’  expression 
TRIGGER  ' : ’  event _ref 
END  OUT_ VARIABLE 


expected_min  :  /♦  empty  */ 

1  EXPECTED_MIN  ’ ;  ’  REAL 


REAL 


[’  REAL 
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expected_max  :  /*  empty  */ 

I  EXPECTED.MAX  ’ :  ’  REAL 


min^gran  :  /♦  empty  ♦/ 

I  MIN.GRAN  REAL 


max^gran  :  /*  empty  ♦/ 

I  MAX^GRAN  REAL 


in.variable^ref  :  IN_.VAR„NAME 

/*  I’m  not  sure  if  we  suport  parameterized  wars  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
“  Vivek  -  6/8/95 


*/ 


I  IN^VAR_NAME  ’[’  parameter  ’]  ’ 


out_variable_ref  :  OUT_VAR_NAME 

/*  I’m  not  sure  if  we  suport  parameterized  vars  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
-  Vivek  -  6/8/95 


*/ 


I  OUT^VAR^AME  ’[’  parameter  ’]  ’ 


in_variable_ass  :  IN_VAR_NAME 

/*  I’m  not  sure  if  we  suport  parameterized  vars  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
-  Vivek  -  6/8/95 


*/ 


I  IN^VAR^NAME  ’[’  parameter  ’]  ’ 


out^variable.ass  :  OUT_VAR_NAME 

/*  I’m  not  sure  if  we  suport  parameterized  vars  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
-  Vivek  -  6/8/95 


*/ 


I  OUT_VAR_NAME  ’[’  parameter  ’]’ 


/*  In-variables  are  optional  */ 
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in_variable_def_list 


/*  empty  */ 

I  in_variable_def_list  iii_variable_def 


/*  Out “Variables  are  optional  */ 
out_variabl€_def _list  :  /*  empty  */ 

I  out_variable_def _list  out_variable_def 

I 

in_variable_list  :  /♦  empty  */ 

I  in_variable_ass 

I  in_variable_list  ’ , '  in.variable^ass 


variable 


;  out .variable _ref 
I  in_ variable. ref 


variable.ref 


:  PREV  ’ ( ’  REAL  ’ ) *  in.variable.ref 
I  in.variable.ref 


- - - 

/*  Events  */ 

- 

event.def .list  :  /*  empty  */ 

I  event.def. list  event.def 


event.def  :  EVENT  EVENT.NAME  STATE  ^ ^ 
I  EVENT  EVENT.NAME  VARIABLE  ^ ’ 

I  EVENT  EVENT.NAME  INTERFACE  ’ ;  ’ 


/*  I’m  not  sure  if  ve  suport  parameterized  events  in 
the  simulator.  Hence  I’m  commenting  this  out  for  now. 
-  Vivek  “  6/8/95 


*/ 


!  EVENT  EVENT.NAME  ’[’  INTEGER  ’ 


7  .  > 


event _ref  :  EVENT.HAME 

/*  I’m  not  sure  if  ne  suport  parameterized  events  in 

the  simulator.  Hence  I’m  commenting  this  out  for  now. 

-  Vivek  -  6/8/95 

I  EVENT_MAME  ’[’  parameter  ’ 
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event^list 


:  /*  empty  */ 

I  event^ref 

I  event^list  ' , ’  event _ref 


- */ 

/*  Interface  definitions  */ 

/* - */ 

in_interface_def_list  :  /♦  empty  */ 

I  in_interface_def _list  in_interf ace^def 

in.interf  ace^def  :  IN_INTERFACE  IN.INTERFACE^NAME  ’ :  ^ 

SOURCE  component _locat ion 

TRIGGER  RECEIVE  ’(’  in_variable_list  O’ 

select ion_condit ion 

ACTION  ’ : ’  event.list 

END  IN.INTERFACE 


/♦  Output  Interface  is  optional  */ 
out_interf ace_def _list  :  /*  empty  ♦/ 

1  out_interf ace_def _list  out.interf ace^def 


out.interf ace^def  ;  OUT.INTERFACE  OUT_INTERFACE_NAME  ’ :  ’ 

DESTINATION  ’ :  ’  component _ location 
TRIGGER  ’ :  ’  event _ref 
select ion_condit ion 

ACTION  SEND  parameter^ list  O’ 

END  OUT.INTERFACE 

1  OUT_INTERFACE  OUT_INTERFACE_NAME  ’ :  ’ 

DESTINATION  ’ :  ’  component.location  ’ ,  ’  IN.INTERFACE.NAME 
TRIGGER  event „ref 

select ion_condit ion 

ACTION  SEND  parameter^! is t  O’ 

END  OUT^INTERFACE 


select ion^condit ion  :  /*  empty  ♦/ 

I  SELECTION  ’ : »  condition 


/* - 

/*  Macros  */ 

- - 

macro_def_list  :  /♦  empty  ♦/ 

I  macro_def _list  macro_def 

I 

macro.def  :  MACRO  MACRO.NAME  ’(’  local_var_list  ’)’ 

condition 
END  MACRO 


- - 

/*  Functions  ♦/ 

- - - 

function^def _list  ;  /♦  empty  */ 

I  function_def _list  function^def 
> 

function.def  :  FUNCTION  FUNCTION.NAME  local_var_list  ’ 

RETURN  ’ : ’  CASE  case_list  END  CASE 
END  FUNCTION 


case_list 


case 

case_list  case 


case  :  expression  IF  pred_ref  ' ;  ’ 

- - 

/*  Transition  busses 

- - 


transition_or_transition3us_def_list  :  /*  empty  */ 

I  transit ion_ or^trans it ion_bus_def_list 
transit ion_or_transit ion_bus_def 


transition_or_transition_bus_def  :  transit ion^def 
I  transition_bus_def 
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:  TRANSITIONBUS  TRANS ITIONBUS^NAME  ’ : 


transit ion_bus_def 
tremsit ion_def ist 
END  TRANSITIONBUS 


transit ion_def_list  :  /*  empty  */ 

!  transit ion_def_list  transit ion_def 


/* - 

/*  Transitions  */ 
/* - 


:  TRANSITION  TRANSITION.NAME  FROM  STATE^NAME  TO  STATE^NAME 
LOCATION  ’ : *  simple_state_path  */ 
transit ion_maybe_trigger 

transit ion_maybe_cond 
transit ion_maybe_act ion 
END  TRANSITION 


transition_maybe_trigger  :  /*  empty  */ 

I  TRIGGER  event ^ref 

I  TRIGGER  TIMEOUT  simple_expression  expression 


tr ans it ion_de f 
/♦ 


transit ion_maybe_cond  :  /*  empty  */ 
I  CONDITION  condition 


transit ion_maybe_act ion  :  /*  empty  */ 

I  ACTION  ’ : ’  event^list 


/if, - iff 

/*  Predicates  */ 

/+ - 

pred_ref  :  predicate 


:  neg_predicate 
I  macro_ref 


predicate 


I  math^predicate 
I  state^predicate 
I  f oral l^predic ate 
I  exists_predicate 
1  TRUE.TOKEN 
I  FALSE_TOKEN 


iieg_predicate  :  NOT  pred^ref 


macro^ref  :  MACRO^NAME  par ajneter_ list 


math^predicate  :  expression  /*  chcinged  simple^expression  to 

expression  -  Vivek  -  3/9  */ 

boolean^math^operator 

expression  /*  changed  simple_expression  to 

expression  -  Vivek  -  3/9  ♦/ 

I  simple_expression  EQ^ONE.OF  parameter.list 


boolean_inath_oper  at  or 


LESS_OR_EQUAL 
GREATER^ OR.EQUAL 
N0T_EQUAL 


state^predicate  :  simple_state_path  IN.STATE  STATE.NAME 

/*  should  be  state_path_ref  */ 

I  siinple_state_path  IN_ONE_OF 
/♦  should  be  state_path_ref  */ 
state_list 

forall_predicate  :  FORALL  LOCAL_VAR_NAME 

constant_ref  constant_ref  ’] ’ 
pred^ref 


exists^predicate  :  EXISTS  LOG AL^VAR_ NAME 

’  constant_ref  ’ ,  ’  constamt^ref  ’3  ^  ’ 

pred_ref 
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/* - 

/*  Conditions  &  and/or  tables  */ 
/* - 


-*/ 


condition  :  FORALL  LOCAL.VAR^NAME 

* [’  constant _ref  ’ , ’  constant^ref  \  ’ 
condition 

1  EXISTS  LOCAL^VAR.NAME 

constant_ref  constant _ref 
condition 
1  TABLE 
row_list 
END  TABLE 
j  TRUE.TOKEN 
!  FALSE_TOKEN 


row^list 


truth_value_list 


:  pred^ref  ’ :  *  truth_value_list  ’ ;  ^ 
i  row^list  pred_ref  * :  ’  truth_value_list  ’ ;  ’ 
> 

:  truth^value 

I  truths value  truth_value_list 


truth_ value 


:  ’T  ’ 

I  ’F’ 
I 


/» - */ 

/*  Expressions  */ 

- */ 

/*  Some  expressions  are  missing:  abs,  sqrt.  Check  vith  SRS  */ 

expression  :  expression  expression 

I  expression  V'  expression 

I  expression  ’+*  expression 

I  expression  expression 

!  expression  %prec  UMINUS 

1  ^ ’  expression  ' ) ’ 


I  simple_expression 
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siinple_expression 


fimction^ref 

paxcimeter_list 

parameter 
/*  changed  simple. 

*/ 

local_var_list 


variable^ref 
fimction_ref 
constant _ref 
LOCAL_VAR_NAME 
TIME 

TIME  event _ref  0^ 

TIME  PREV  REAL  event.ref  0' 

TIME  * ( ’  variable^ref  ’ )  ' 

TIME  U’  ENTERED  STATE_NAME  O’ 


FUWCTION.NAME  ’(’  parameter^list 


/*  empty  */ 
parcimeter 

parameter_list  ’ ,  ’  pcurameter 


:  expression 

expression  to  expression  -  Vivek  -5/22  */ 
/* I  THIS 


:  /*  empty  */ 

1  LOCAL_VAR_NAME 

I  local_var.list  LOCAL^VAR^NAME 
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Chapter  3 


Making  grammar.cc 


This  chapter  provides  the  noweb  outline  from  which  grammax.cc  is  generated,  and  a  brief  explanation 
of  each  of  the  top-level  modules.  The  last  section  lists  of  assumptions  and  limitations  governing  this 
prototype  code. 

3.1  The  outline  for  grammar.cc 

#include  <stdlib.h> 

#include  <stdio.h> 

#iiiclude  *’conf iguration.h'* 

#include  *Tex.yy.h" 

#iiiclude  ’Toad.h" 

#iiiclude  **generat ed_include_f  ile .  h” 

#include  ''generat  ed_C_macros .  h** 

{Function  headers) 

(Globals) 

•/•> 

{ Tokens) 

{Auto- attributes) 

{Attributes) 

{Precedence) 
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( Traversals) 
(Ox  Macros) 

y.y. 

(rules) 


y.y. 


(Bodies) 

//  This  assumes  that  the  command  line  looks  like 
//  whatever  -axe  -e  ~“S  blort 

//It  ignores  the  first,  sets  the  traversal  switches  denominated 
//  by  a,  X,  c,  e,  and  s,  and  returns  a  pointer  to  blort. 

char  *handleCLopts(int  arge,  chcir  **argv) 

■Cint  i; 

for  (i=l;i<argc;i++) 

{int  j ,len; 

if  (argvCi]  [0]  !=  return  argv[i]; 

len  =  strlen(argv[i] ) ; 
for  (j=l; j<len; j++) 

{ 

switch  (argvCilCj]) 


(Switches  for  traversals) 

default:  goto  err02; 

> 

} 

continue; 

err02  :  fprintf (stderr, 

’’error  in  command  line  option:  y,s\n*' ,argv[i]  ) ; 

> 
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3.2  The  top-level  noweb  modules 

Here  is  a  brief  description  of  the  purposes  and  use  of  the  top-level  noweb  modules.  We  expect  a  developer 
to  write  auxiliary  C++  functions  in  .h  and  .cc  files,  and  to  define  the  attributes  and  traversals  for  a 
translation  by  writing  a  new  noweb  file  that  fleshes  out  a  predefined  skeleton  that  serves  as  a  template. 
The  current,  partially  fleshed  out,  skeleton  for  the  EVES  prover  is  given  in  chapter  8. 

Deciding  which  C++  code  counts  as  ^‘auxiliary”  and  which  should  be  included  in  the  noweb  source 
is  a  matter  of  taste,  but  when  C++  code  is  included  in  the  noweb  files  it  must  be  assigned  to  the  proper 
noweb  modules.  All  files  containing  auxiliary  code  must  be  guarded  with  #ifndef  commands  to  avoid 
problems  with  multiple  declarations. 

First,  the  modules  occurring  in,  or  incorporated  direclty  within,  the  top-level  modules  shown  above: 

•  “Function  headers”  and  “Bodies”:  prototypes  and  bodies  for  C++  code  defined  in  noweb  files 
belong  in  these. 

•  “Globals”:  gathers  up  declarations  of  global  variables.  On  the  whole,  we  avoid  these  in  favor  of  a 
functional  programming  style. 

•  “Attributes” :  gathers  up  declarations  of  Ox  attributes.  The  developer  never  writes  an  “Attributes” 
module.  Instead,  he  puts  attribute  declarations  for  a  particular  grammar  symbol  in  a  module  for 
that  symbol,  and  these  individual  modules  are  automatically  collected  into  the  top-level  module 
“Attributes”.  The  modules  for  individual  symbols  are  defined  in  chapter  6. 

•  “Traversals” :  gathers  up  declarations  of  traversals. 

•  “Ox  macros”:  gathers  up  declarations  of  Ox  macros. 

•  “rules”:  gathers  up  all  the  Ox  attribute  definitions  and  traversal  code.  The  developer  never  writes 
a  “rules”  module  directly.  Instead,  he  puts  attribute  declarations  for  a  particular  grammar  pro¬ 
duction  in  a  module  for  that  production,  and  these  individual  modules  are  automatically  collected 
into  the  top-level  module  called  “rules” . 

The  following  two  modules  are  not  reachable  from  the  root  module  defined  above. 

•  “Includes” :  #iiiclude  commands  occurring  in  “Includes”  modules  are  automatically  gathered  to¬ 
gether  and  placed  in  the  file  generated_include_f  iles  .h.  Sample  use:  when  the  developer 
declares  a  new  attribute  of  type  T,  that  definition  should  be  preceded  by  an  “Includes”  module 
containing  the  definition  of  T.  This  is  helpful  documentation,  and  also  ensures  that  the  compiler 
will  find  the  definition. 

•  “C  Macros”:  #define  commands  occurring  in  “C  macros”  modules  are  automatically  gathered 
together  and  placed  in  the  file  generated_C_macros  .h. 

The  developer  should  not  modify  the  modules  “Tokens”  and  “Precedence”,  which  pertain  to  parsing 
of  RSML. 
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3.3  Assumptions  and  limitations 

To  simplify  certain  parsing  problems  we  currently  assume 

•  All  names  occurring  in  the  rsml  text,  other  than  local  variables,  are  distinct. 

•  No  more  than  1000  names  occur  in  the  text.  (This  is  set  in  a  global  variable,  MAX^SPEC^NAMES 
defined  in  conf iguration.h. 

•  A  system  has  only  one  component.  The  name  of  the  top-level  state  of  that  component  is  stored  in 
the  global  state  information. 

Some  features  are  not  (fully)  supported  because  of  unresolved  semantic  questions: 

•  OR-array  states,  AND-array  states,  or  transition  busses.  Applying  the  translators  to  code  that 
contains  these  may  result  in  a  crash,  or  may  generate  meaningless  text. 

•  Conditional  states — the  SPIN  translation  prints  an  error  message  when  it  encounters  them.  The 
SPIN  code  output  by  the  translator  in  this  case  will  not,  in  general,  compile. 

•  The  SPIN  translation  treats  real  constants  like  integers,  and  assumes  that  they  have  the  form 

XXX. 0. 
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Chapter  4 


Parsing  preliminaries 


These  two  modules  in  this  chapter  are  concerned  solely  with  lexing  and  parsing  RSML,  and  a  developer 
need  not  (must  not)  change  them. 


4.1  Tokens 

Here  is  the  complete  list  of  tokens  of  the  RSML  grammar. 
{Tokens)= 


‘/.token  ACTION  AND_ARRAY  AND_STATE_TOKEN  ATOMIC  CASE  COMPONENT  CONDITION 
•/.token  CONSTANT  DESTINATION  END  ENTERED  EVENT  EXISTS  EXPECTED.MAX 
•/.token  EXPECTED.MIN  FORALL  FROM  FUNCTION  GREATER_OR_EqUAL  IF  IN.INTERFACE 
•/.token  INTEGER  IN_ONE_OF  IN_STATE  IN.VARIABLE  VARIABLE  LESS_OR_EQUAL  LOAD 
•/.token  MACRO  MAX_GRAN  MIN_GRAN  NOT  NOT.EQUAL  NUMERIC  OR_ARRAY 
•/.token  OR_STATE_TOKEN  OUT_INTERFACE  OUT_ VARIABLE  REAL  RETURN  SOURCE  SYSTEM 
•/.token  TO  TRANSITION  TRANSITIONBUS  TRIGGER  TYPE  VALUE  CONDITIONAL 
•/.token  ASSIGNMENT  SECTION_SEPARATOR 

•/.token  TIMEOUT  LOCATION  EXTERNAL  STATE  INTERFACE  RECEIVE  SELECTION  SEND 
•/.token  PREV  TIME  THIS  TRUE.TOKEN  FALSE.TOKEN  TABLE  DEFAULT  EQ_ONE_OF 

•/.token  LEX_ERR0R 

•/.token  STATE.NAME  SYSTEM.NAME  COMPONENT.NAME  EVENT_NAME 
•/.token  OUT_INTERFACE_NAME  IN_INTERFACE_NAME  CONSTANT_NAME 
•/.token  IN_VAR_NAME  OUT_VAR_NAME  FUNCTION.NAME  LOCAL_VAR_NAME 
•/.token  MACRO.NAME  TRANSITION.NAME  TRANSITIONBUS_NAME 
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4.2  Precedence 

Here  are  the  precedence  rules  for  evaluating  mathematical  expressions. 
{Precedence)= 


•/.left  '  +  ' 
•/.left  >/’ 
•/.left  UMINUS 
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Chapter  5 

Collecting  global  information 


Instead  of  proceeding  in  a  purely  functional  programming  style  and  passing  a  symbol  table  attribute 
through  the  parse  tree,  it  seems  convenient  to  define  a  global  data  structure  that  summarizes  a  small 
amount  of  global  semantic  information  and  is  updated  by  side-effects  during  attribute  evaluation.  Sec¬ 
tion  5.1  describes  this  data  structure;  section  5.2  describes  the  strategy  for  making  sure  that  all  necessary 
writes  are  done  before  each  read  of  this  structure;  and  section  5.3  describes  the  initialization  traversal 
that  completes  its  initialization,  and  which  must  be  done  before  any  other  traversal.  The  initializa¬ 
tion  traversal  is  not  strictly  necessary,  since  we  could  arrange  that  everything  is  done  during  attribute 
evaluation.  Currently,  only  the  SPIN  traversal  needs  access  to  this  global  data. 


5.1  The  variable  glob 

Global  semantic  information  will  be  stored  in  a  variable  glob  of  type  global_state.  The  code  for  this 
class  can  be  found  in  global_t able. h  and  combinatorics  .h. 

Currently,  glob  contains  the  following  (private)  data.  We  describe  the  meaning  of  this  data  when 
glob  is  complete.  How  and  when  it  gets  completed  are  described  in  section  5.2: 

•  Integers  niim_ s t at e s,  num_ events,  and  nimi_transitions  recording,  respectively,  the  total  number 
of  states,  events,  and  transitions  declared  in  the  specification. 

•  One-dimensional  arrays  state^codes  and  transition_codes.  For  each  i  <  num_states,  state^codes  [i] 
is  a  pointer  to  the  state_value  of  the  state  whose  unique  integer  code  is  i;  transition.codes 

does  the  analogous  thing  for  transitions. 

•  Two-dimensional  arrays  of  integers: 

-  child^of  [i]  [j]  ==  1  iff  state  i  is  a  child  of  state  j 

-  leq  is  the  reflexive  transitive  closure  of  the  relation  coded  by  child^of .  That  is,  leqCi]  [j] 

==  1  iff  state  i  is  state  j  or  a  descendant  of  state  j 

-  compatible  Ci]  [j]  ==  1  iff  transition  i  and  transition  j  are  compatible. 
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The  global_table  class  provides  methods  for  allocating,  setting,  accessing,  and  printing  this  infor¬ 
mation. 

5.2  Completing  glob 

[Include  files)— 

#include  ”global_table .h" 

#include  "rsml_state.h*' 

(Globals)= 
global_table  glob; 
rsml_state  rsml; 

An  auxiliary  global  variable  rsml,  of  class  rsml^state,  does  two  things: 

•  It  keeps  track  of  various  statistics  about  the  specification,  in  components  updated  during  the  first 
lexing  pass.  It  currently  counts  declarations  of  states,  events,  and  transitions. 

•  During  attribute  evaluation  rsml  is  used  to  dole  out  unique  integer  id’s  for  state,  event,  and 
transition  declarations. 

When  the  first  lexing  pass  is  over,  the  statistics  stored  in  rsml  are  correct.  At  that  point,  and  before 
the  final  lexing/parsing/Ox  pass  begins  (see  load.cc)  the  variable  glob  is  updated  as  follows: 

•  num_states,  num^events,  and  iiiim_traiisitions  are  set  to  their  proper  values 

•  All  the  arrays  in  glob  are  allocated.  In  addition,  the  arrays  [leq,  ch.ild_of ,  and  compatible  are 
initialized  with  O’s. 

Currently,  all  the  information  needed  in  glob  can  be  obtained  from  the  productions  state_def , 
state_chaxts_list,  and  traiisition_def .  The  information  is  actually  inserted  into  glob  in  the  fol¬ 
lowing  ways: 

•  As  aside  effect  of  evaluating  the  glob  attribute  of  state^def ,  state_charts_list,  and  traiisition_def . 
The  actual  value  of  this  attribute  is  irrelevant, 

•  At  the  beginning  of  the  init  traversal. 

The  order  in  which  things  happen  matters. 

In  each  state.def  production,  evaluation  of  the  glob  attribute  has  the  effect  of  updating  state_codes 
with  the  state_value  of  the  state  being  defined,  and  updating  child_of  to  model  the  relation  between 
the  state  defined  and  its  children  (if  any).  We  introduce  explicit  dependencies,  via  the  Ox  ®e  com¬ 
mand,  to  guarantee  that  the  glob  attribute  of  a  state  cannot  be  evaluated  before  the  glob  attribute  of 
any  its  children.  These  updates  are  all  logically  independent  of  one  another,  but  by  forcing  bottom-up 
evaluation  we  guarantee  that  when  state_def  .glob  is  evaluated  in  the  following  top-level  production 


22 


component _def 


I  COMPONENT  COMPONENT^NAME  ' : ^ 
state_def 

transition_or_transition_bus_def_list 
END  COMPONENT 


both  St  at  encodes  and  child_of  are  complete.  This  is  important  because  these  two  arrays  must  be 
complete  before  we  can  correctly  update  any  of  the  other  array  components  of  glob.  These  other  updates 
are  performed  when  visiting  the  transition_def  descendant  of  transition_or .  .  .. 

We  delay  evaluation  of  the  attribute  transition^def .  glob  as  follows:  All  productions  in  the  chain 
from  transition^ . . .  _list  down  to  trams  it  ion_def  are  given  an  auto-inherited  attribute  state_def  _done; 
and  within  component_def  we  use  0e  to  force  transition^.  .  .„list . state_def_done  to  depend  on 
state_def  .glob.  That  trick  effects  the  delay.  In  addition,  evaluation  of  the  top  level  state_def  _done  is 
accompanied  by  a  side  effect  on  glob,  which  uses  Warshall’s  algorithm  to  calculate  leq  from  child^of . 

We  therefore  evaluate  each  transition_def  .globin  a  context  in  which  all  of  st at  e_ codes,  child^of , 
and  leq  are  complete.  This  context  permits  each  transition_def  production  to  properly  update  its 
piece  of  trams  it  ion_codes.  Therefore,  at  the  end  of  attribute  evaluation,  all  of  glob  except  compatible 
has  been  correctly  initialized.  The  first  step  in  the  init  traversal  is  to  call  glob. set_compatible() , 
which  completes  the  initialization.  As  noted  above,  we  could  easily  arrange  to  call  glob.  set_compatible() 
during  attribute  evaluation,  after  all  the  other  parts  of  glob  are  complete. 


5.3  Traversal  actions 

{Glohals)-^= 

int  init  =  0; 


{Traversals)^ 

©traversal  ©preorder  init 


The  command  line  argument  choosing  this  traversal  is  i 

{Switches  for  iraversals)= 

case  'i'  :  init  =  1;  break; 

The  only  effect  of  this  traversal  is  to  complete  the  initialization  of  glob  by  calculating  the  table  of 
compatible  transitions, 

{$ystem:SYSTEM  SYSTEM.NAME  componeniJist  END  SYSTEM 
SECTION^SEPARATOR  )= 

©init  if  (init)  {  glob. set _compatible() ;  } 
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Chapter  6 

Attribute  declarations 


This  is  the  master  file  containing  the  declarations  of  all  the  basic  attributes  (and,  when  notangled,  gathers 
them  all  up  into  the  top-level  “Attributes”  module).  Each  declaration  provides  a  module  into  which 
developers  may  place  additional  attribute  declarations  needed  for  particular  traversals.  So,  for  example, 
a  developer  wanting  to  declare  additional  attributes  for  an  INTEGER  token  will  put  such  declarations  into 
the  “INTEGER  attributes”  module.  We  provide  the  developer  with  a  list  of  all  such  modules  in  the  file 
attribute_modules  .nw,  and  that  file  serves  as  part  of  the  template  for  integrating  a  new  tool. 


6.1  Attributes  of  tokens 

{Include  file$)-^= 

#include  "scaled_integer .h" 


{Attribuies)  = 

©attributes  { 
int  val; 

{INTEGER  attributes) 
y  INTEGER 

{INTEGER  attributes)= 


{Attributes) -y~ 


©attributes  { 

scaled^ integer  ♦val; 
{REAL  attributes) 
y  REAL 
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{REAL  atirihuies)  = 


6.2  Attributes  for  system 

{ Attributes) -{-= 

^attributes  { 

{system  attributes) 

}  system 

{system  attributes)^ 


{Attributes) 

©attributes  { 
{component Jist  attributes) 
y  component_list 

{componeniJisi  atiributes)= 


6.3  Attributes  for  components 

♦in^top^state  is  the  S^exp  asserting  that  the  state  machine  is  always  in  the  top-level  state. 

{Attributes) -{-= 

©attributes  { 

S_exp  ♦in^top^state; 

{component -def  attributes) 

}  component _def 

{component. def  attributes)= 


{Attributes) 

©attributes  { 
{componentJocation  attributes) 
}  component .location 

{componentJocation  attributes)— 
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6.4 


Attributes  for  states 


The  data  associated  with  a  STATE_NAME  is  a  state_value  containing  the  name  of  the  state,  represented 
as  a  Str,  its  integer  code,  and  the  kind  of  state  it  is  (OR,  AND,  etc.). 

{Include  files)-\-= 

#include  **state_value  .h” 


If  state_def  defines  the  state  Foo,  then  parent _as_S_exp  is  the  s-expression  (Foo)  and  children„as_S_exps 
is  the  list  of  all  such  s-expressions  for  the  children  of  Foo. 

The  remaining  attributes  have  the  following  meanings,  written  in  infix  form  rather  than  as  S- 
expressions: 

•  parent„iiaplies_children  is  parent  ->  childl  2uad  child2  and  if  state_def  is  and  AND- 
state  and  parent  ->  childl  or  child2  or  ...  if  state^def  is  an  OR-state;  and  is  otherwise 
true. 

•  children_  imply  ^parent  is  the  list  childl  ->  parent,  child2  ->  parent  . . . 

•  If  state_def  is  an  OR-state  incompatible^siblings  is  the  list 

childl  ->  (not  child2)  and  (not  childS)  and  (not  child4)  and  .  .  . 
child2  ->  (not  childS)  and  (not  child4)  and  . . . 
childS  ~>  (not  child4)  cind  .  .  . 


and  is  otherwise  the  empty  list. 

The  value  of  the  glob  attribute  is  a  dummy.  The  point  of  evaluating  it  is  to  have  a  side  effect 
initializing  certain  global  variables  with  semantic  information.  See  chapter  5. 

The  value  of  code  is  an  integer  uniquely  associated  with  the  state  name  introduced  by  this  declaration. 
The  inherited  paxent^code  is  used  to  fill  in  the  child_of  array. 

conditionals_so_far  is  a  synthesized  attribute  of  state_def  and  state_charts_list.  It  returns 
a  *StateValueList  containing  all  conditional  states  so  far  encountered  (bottom  up). 

ancestor  is  an  inherited  attributed  containing  the  Str*  naming  the  parent,  if  one  exists — and,  for 
a  top-level  state,  containing  '***. 

(Attributes) -\-~ 

©attributes  { 

state_value  *val; 

S_exp  *parent_as_S_exp; 

S_exp_list  *children_as_S_exps; 

S_exp  *parent_implies_ children; 


27 


S_exp_list  *childreii_imply_parent ; 

S_exp_list  ^incompatible^ siblings ; 

int  glob;  //  I'll  eventually  change  this  to  initialize 
int  code; 

StateValueList  *conditionals_so_far ; 

Str  ♦ancestor;  //  Inherited 

{staie.def  aiinbutes) 

}  state_def 

{siate^def  aiiribuies)= 


{Attributes) -\-= 

©attributes  { 

StateValueList  ♦comp_vals;  //  Constructed  from 

//  current  val  and 
//  inherited  values 

StateValueList  ♦ inherit ed^vals ;  //  Inherited 


int  glob; 

StateValueList  ♦conditionals_so_f ax; 
Str  ♦cincestor; 

{state^chartsJist  attributes) 

>  state_charts_list 

{state.chartsJist  atiributes)= 


The  usual  boilerplate:  At  the  top  level,  computed^exps  returns  the  list  of  all  the  states  in  the  list,  as 
S-expressions. 

(Attributes) 

©attributes  {. 

S_exp_list+  comp^exps; 

S_exp_list*  inherit ed_exps ; 

(stateJist  attributes) 

}  state_list 

(stateJist  attributes)^ 
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{AUrihuies)~^= 

©attributes  { 
{simple.siaie.path  attributes) 
y  simple_state_path 

{simplestate-path  attributes)^ 


{Attributes) 
©attributes  { 
{state-path  attributes) 
y  state_path 

{staie^paih  attributes)^ 


{Attributes) -\-= 
©attributes  { 
{siatejpaih^ref  attributes) 
}  state_path_ref 

{state.pathjref  attributes)= 


6.5  Attributes  for  constants 

{Attributes) 

©attributes  { 

{consiant.def  attributes) 

}  constcint^def 

{constant-def  attributes)  — 


{Attributes) 

©attributes  { 

S_exp  *exp; 

{const ant^ref  attributes) 
}  constaiit_ref 

{consiant.ref  attributes)  = 


{Attributes) -\-= 


©attributes  { 
{consiani-defJist  attributes) 
y  constant _def_list 

{const ant -def -list  attributes)= 


6.6  Attributes  for  variables 

Currently:  a  very  partial  version  of  in  variables  and  out  variables  (but  not  interfaces).  It  seems  that, 
right  now,  all  variables  are  real  variables.  The  proper  model  of  such  a  variable  is  a  map  from  time  to 
real  values,  but  for  now  Pll  just  make  them  unspecified  real-valued  constants.  (Semantically,  of  course, 
variables  are  logical  constants.)  I  don’t  know  whether  such  notions  as  expect ed_min,  max^gran,  etc., 
have  any  semantic  significance.  For  now  I  will  not  model  them  in  any  way.  An  iii_variable_def  or 
o'ut_variable_def  introduces  a  new  unspecified  constant  (of  type  real).  So,  these  productions  must 
generate  appropriate  declarations. 

IN^VAR.NAMEs  and  OUT_VAR_NAMEs  wind  up  in  expressions  via  in_variable_ref ,  out^variable^ref , 
and  variable;  so  those  chain  of  attributes  are  declared  as  well, 

(Attributes) 

©attributes  { 

(injvariablt-def  attributes) 

}  in_variable_def 

(in-variablc-def  attributes)^ 


(Attributes) += 

©attributes  { 
(out-variable-def  attributes) 
y  out_variable_def 

(out-variabk-def  atiribuies)= 


(Attributes) 

©attributes  { 

(expected -min  attributes) 
y  expect ed_miii 

(expected-min  attributes)^ 


(Attributes)  A- = 

©attributes  { 
(expected-max  attributes) 
}  expect ed_max 


30 


{expected. max  aitribuies)  = 


{Aiiributes)-}'— 
©attributes  { 
{min.gran  attributes) 
}  inin_gran 

{min.gran  attributes)  — 


(Attributes) -\-= 
©attributes  { 
(max.gran  attributes) 
y  max^graoi 

(max.gran  attributes)^ 


Computing  an  in_variable_ref  or  out_variable„ref  with  str  “f  oo”  as  an  s-expression  simply  means 
computing  the  s-expression  “(foo)”.  A  proper  model  of  variables  will  presumably  have  to  change  this. 

(Attributes) 

©attributes  { 

Str  ♦str; 

S_exp  *as_S_exp; 

(in.vari able. ref  attributes) 

}  in_vaxiable_ref 

(in.variable.ref  attributes)^ 


(Attributes) 

©attributes  { 
(out.variable.ref  attributes) 
Str  ♦str; 

S_exp  ♦as^S.exp; 
y  out_vaxiable_ref 

(out.variable.ref  attributes)= 


(Attributes)  A = 

©attributes  { 

Str  ♦str; 

(in.variable.ass  attributes) 
]■  in_variable_ass 
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{in-variabk-ass  attribuies)= 


{Atiribuies)-{-^ 

©attributes  { 

Str  ♦str; 

{oukvariable^ass  attributes) 
}  out_variable_ass 

{oui.variabk.ass  attributes)^ 


{Attributes) 

©attributes  { 

( injvari able^d efJ ist  attributes) 
>  iii_variable_def_list 

{injvariable^defJist  attributes)^ 


{Attributes) 

©attributes  { 

( oukvariabk-defJist  attributes) 
>  out_variable_def_list 

{out^variabk^defJist  attributes)^ 


{Attributes) 

©attributes  { 

StrList  ♦computed_val; 
StrList  *inherited_val; 
{injvariableJist  attributes) 

}  iii_variable_list 

{iu-variableJist  attributes)^ 


Computing  a  variable  or  variable_ref  with  str  as  an  s-expression  simply  means  computing 

the  s-expression  “(foo)”.  A  proper  model  of  variables  will  presumably  have  to  change  this. 

{Attributes) 

©attributes  { 

Str  *str; 

S_exp  ♦as^S.exp; 

{variable  attributes) 
y  vaxiable 
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{variable  aiiribtties)^ 


{Aitribui€s)+= 
©attributes  { 

Str  ♦str; 

S_exp  ♦as^S^.exp; 
{variable.ref  aiiribides) 
}  variable^ref 

{variable -ref  atiribuies)— 


6.7  Attributes  for  events 

{Include  files)A-^ 

#include  *'event_value.h*' 

The  events  for  a  component  are  declared  in  its  event _def_list  child.  The  names  of  these  events  then 
occur  (as  event „refs)  in  the  following  ways: 

•  As  triggers  in  definitions  of  out  variables  (out_var_def  _list)  and  out  interfaces  (out_interf  ace_def  _list), 
declarations  of  transitions  (transition^.  .  ._def_list). 

•  As  actions  in  definitions  of  in  interfaces  (in_interf  ace_def  _list)  and  declarations  of  transitions 
(transition^. . ._def_list). 

Declarations  of  events  declare  them  as  being  “state”  events  (which  I  believe  can  be  triggers  for 
transitions),  “variable”  events  (which  I  believe  cause  the  setting  of  out  variables),  and  “interface”  events 
(which  I  believe  are  triggered  by  the  receipt  of  input). 

We’il  generate  a  table  that  associates  each  event  name  with  the  disjunction  of  the  conditions  of  all  its 
triggering  transitions.  To  do  this,  the  top-level  event^def  _list  synthesizes  the  list  of  all  declared  (state) 
events — in  the  attribute  computed^ events,  which  can  be  handed  laterally  to  the  transition^ .  .  .  _def  _list. 

A  synthesized  attributed  of  that  production  will  generate  the  appropriate  set  of  tests. 

The  value  of  code  is  an  integer  uniquely  associated  with  the  event  name  introduced  by  an  event 
declaration. 

For  now,  we’ll  just  define  a  str  attribute  with  the  name  of  each  event,  and  a  list  of  them  with 
event.def  _list.  The  attributes  for  this  are  boiler  plate. 

{Attributes) += 

©attributes  { 

EventValueList  *computed__events ; 

EventValueList  * inber it ed_ events ; 

{eveni-defJisi  attributes) 

}  event_def _list 
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{event ^defJisi  aitribuies)= 


(Attributes) -\-= 

©attributes  { 

event _value  *val; 
int  code ; 

(eventide/  attributes) 

y  event_def 

(eventide/  attributes)^ 


The  category  event^ref  is  used  in  the  productions  for  out  variables,  out  interfaces,  and  transition 
triggers.  The  category  event^list  is  used  in  defining  in  interfaces  and  transition  actions.  There  is  no 
context  information — only  their  names,  which  can  then,  presumably,  be  looked  up  in  a  symbol  table  to 
find  the  corresponding  event  value. 

(Attributes) -\-= 

©attributes  { 

Str  ♦str; 

(event-ref  attributes) 
y  event_ref 

(event-ref  attributes)= 


(Attributes)  y-~ 

©attributes  { 

StrList  *computed_ events; 
StrList  *inherited_events; 

(event-list  attributes) 
y  event_list 

(event-list  attributes)— 


6.8  Attributes  for  interface  definitions 

{AUributes)-\-= 
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©attributes  { 
{inJnierface^defJisi  aiiributes) 
}  in_interface_def_list 

{inJnierface-defJisi  aiiributes)— 

{Aitribuies)-\-^ 

©attributes  { 
{in.inierface^def  attributes) 
y  iii_interf ace^def 

{in Jute rfa ce.def  aiiributes) = 


{Attributes) -\-= 

©attributes  {. 

{oui-int erf ace^def -list  attributes) 
3*  out_interface_def _list 

{out-inie rfa ce-defJist  attributes)^ 


{Attributes) -h— 

©attributes  { 
{out-interface-def  attributes) 
}  out_iiiterf ace_dei 

{out-interface-def  attributes)^ 


{Attributes) 

©attributes  { 
{selection-condition  attributes) 
>  s el ection_ condition 

{selection-condition  attribuies)= 


6.9  Attributes  for  macros 

{Attributes) -\-= 

©attributes  { 

{macro -def -list  attributes) 

>  inacro_def _list 


{macro ^defJisi  aiiribuies)= 


{AUribuies)-\-= 

Oattributes  { 

(macro-def  attributes) 
y  macro.def 

{macro ^def  attributes)^ 

6.10  Attributes  for  functions 

{Include  files)-\-= 

#include  *'f unct ioii_def  init ion .  h" 


At  the  moment  we  need  no  top-level  information  about  fTinction_def_lists. 

{Attributes) -[-= 

©attributes  { 

{function.defJist  attributes) 

}  functioii_def_list 

{fun ction^def -list  attributes)^ 


{Attributes) 

©attributes  { 

function^def init ion  *val; 
{functiou-def  attributes) 
y  function.def 

{function-def  aitribuies)= 


{Attributes) += 

©attributes  { 

CaseList  *inlierited_val; 
CaseList  ♦computed_val; 
{caseJist  attributes) 

}  case_list 

{case-list  attributes)^ 
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{Atirihuies)-^^ 
^attributes  { 
rsml_case  *val; 
{case  aiiribuies) 

}  case 

{case  attributes)— 


6.11  Attributes  for  transition  busses 

These  declarations  come  in  two  parts:  functional-style  mechanisms  for  the  sake  of  theory  translations 
into  EVES  and  PVS;  mechanisms,  for  the  sake  of  SPIN,  which  involve  reading  and  setting  information 
in  a  global  variable  glob.  The  stuff  with  global  variables  seems  unavoidable,  and  some  of  the  functional 
stuff  could  probably  be  simplified  by  piggy-backing  onto  it.  (That^s  for  the  future.) 

{Include  files)-^^ 

#include  “transition^value .h" 

#include  " event_value ,  h*' 

#include  "formula. table.h*' 

#include  "s_list_table  .h." 


The  code  attribute  associates  a  unique  integer  with  the  transition  defined  by  a  transition.def .  (I 
haven’t  yet  done  anything  about  transition  bus  definitions.) 

By  the  “event  tautology  test”  we  mean  the  check  that  disjoining  the  conditions  of  all  transitions 
triggered  by  any  given  state  event  forms  a  tautology.  FLAW  1:  For  now,  we  don’t  keep  track  of 
which  transition  is  associated  with  which  of  the  disjuncts.  To  generate  more  helpful  error  reports  we 
need  to  do  that,  so  the  attributes  of  type  formula.table  should  be  replaced  by  attributes  of  type 
str.tagged.table  (see  str_tagged_table  .h). 

For  the  top-level  traus  it  ioii_or_.  .  ..list,  the  attribute  computed,  etest  will  synthesize  af  ormula.table 
that  associates  the  name  of  each  event  with  the  disjunction  of  all  the  conditions  associated  with  that 
event.  The  formula  entries  in  this  table  are  candidate  theorems  (although,  as  noted  above,  we  should 
only  be  making  entries  for  the  “state”  events). 

The  construction  of  computed.etest  is  boilerplate:  inherited.etests  is  passed  down,  modified  as 
it  goes  along,  and  the  final  result  is  synthesized  up  in  computed.etests. 

The  initial  inherited  table  is  constructed  from  the  list  of  all  event  names  (is  it  here  that  we  should 
cut  down  to  the  list  of  “state”  events?)  by  associating  each  of  them  with  the  condition  “false.”  The  list 
of  event  names  comes  from  the  computed. events  attributed  of  e vent. def  .list. 

FLAW  2  :  A  transition  is  permitted  to  have  no  trigger.  I’m  not  sure  what  the  semantics  of  that  is 
supposed  to  be.  We  currently  associate  such  a  transition  with  a  special  event,  the  NullEvent,  whose 
name  is  the  empty  string — i.e.,  a  Str  whose  associated  string  is 

By  the  “condition  E-and-E  test”  we  mean  a  check  that  the  exit  conditions  for  each  conditional  state 
form  an  exhaustive  and  exclusive  set.  We  generate  these  in  a  way  analogous  to  the  event  tautology  tests. 
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The  relevant  attributes  are  the  computed  and  inherited  ctests.  However,  the  values  of  these  attributes 
are  s_list_tables,  not  fonnula_tables.  (And  the  etests  should  also  be  changed  to  s_list_tables.) 

The  transit ion^def  attributes  state_def ^done  and  glob:  Setting  transition^def  .glob  will  ma¬ 
nipulate  the  global  variable  glob.  These  manipulations  must  be  delayed  until  the  relevant  parts  of  the 
global  have  been  initialized  by  all  the  state_def  productions.  So,  we  will  define  transition^def  .glob 
to  depend  on  transition^def .  state_def_done,  and  state_def_done  will  be  an  inherited  attribute 
(in  fact,  auto-inherited).  At  the  very  top  level  t_or_tbd_list,  inheritance  of  state_def_done  will 
explicitly  depend  on  state_def  .glob,  which  achieves  the  necessary  delay. 

{Auio-aiirihutes)= 

Qautoinh  state^def _done 


{AitTibuies)-\-^ 

©attributes  { 

formula^table  *iiiherited_etests ; 
formul actable  ♦computed^etests ; 

s_list„table  ♦inherit ed_ct est s ; 
s_list_table  ♦computed_ctests ; 

int  state_def _done; 

{transiiion^orJ,ransitionJ}us-dtfJisi  attributes) 

>  transition_or_transition_bus_def „list 

(transition.or_transition-bus^defJist  attributes)^ 


{Attributes) -\-= 

©attributes  { 

formula_table  *inherited_etests ; 
formula_table  ♦computed_etests ; 

s_list_table  *inherited_ctests ; 
s_list_table  ♦computed_ ctests; 

int  state^def .done; 

{transition^or.transition^bus.def  attributes) 
y  treinsition.or.transition.bus.def 

(transition^orJransition.bus.def  atirihutes)= 
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{Aiiribuies)-\-= 
Qat tributes  { 


formula_table  ♦inherited.etests; 
formula_table  ♦computed.etests ; 

s_list_table  *iiiherited_ctests ; 
s_list_table  ♦computed_ctests ; 

int  state_def_done; 

{iransiiionJ)us.def  attributes) 

>  traiisition_bus_def 

(transition-bus -def  attributes)^ 


(Attributes) 

©attributes  •[ 

fonnula_table  *iiiherited_etests; 
f ormula_table  *computed_etests ; 

s_list_table  *iiilierited_ctests ; 
s_list_table  *computed_ctests ; 

int  stat€_def _done; 

(transiiio n-defJ ist  attributes) 

>  transition_d€f_list 

(transition.defJist  attribuies)= 


f  rom_code  and  to_code  are  the  unique  integer  codes  of  the  source  and  destination  states  of  the  transition, 
leave s_code  is  the  integer  code  of  the  state  that  the  transition  arrow  truly  leaves. 

FLAW;  The  value  of  event  shouldn’t  be  an  event _value.  It  should  contain  one  or  both  of  the  Str 
naming  the  event  or  the  integer  code  of  the  event. 

(Attributes) 

©attributes  { 


Str  *trigger_naine ; 
S_exp  *fml; 
int  code ; 
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transition. value  ♦val; 


int  state.def.done; 
int  from. code; 

Str  ♦to.name; 
int  to. code; 

Str  *from.name; 
int  leaves. code; 

Str  ♦leaves.name; 

StrList  *actions.ncimes; 
int  glob; 

{transiiion-def  attributes) 

}  transition.def 

{transiiion-def  attributes)^ 

If  a  transition  has  no  triggering  event,  we  associate  it  with  the  null  event,  whose  name  is  We  are  not 
currently  modeling  timeout  events;  and  to  distinguish  these  from  null  events  we  currently  model  them 
with  the  event  named  We  treat  the  null  event  as  an  event  that  is  always  enabled;  and,  for  now,  do 
the  same  with  the  dummy  event. 

{C  Macros)— 

#defiiie  Dummy  Event  Name  new  Str  (*'?") 

#define  NullEventName  new  Str(*"') 


{Attributes) 

©attributes  { 

Str  ♦str; 

{iransition-maybe-trigger  attributes) 
}  trans it ion.maybe.t rigger 

{iransiiion.maybe-irigger  attributes)^ 


{Attributes) 

©attributes  { 

S.exp  ♦fml; 

{transition-maybc-cond  attributes) 
]■  trans  it  ion.maybe.cond 

{transition-may be-cond  attributes)^ 
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{Attributes) 

©attributes  { 

StrList  *strlist; 

{transition^maybe-action  attributes) 
}  transitioii_inaybe_action 

{transition^maybe^action  attributes)  — 


6.12  Attributes  for  predicates 

For  now  we  dummy  out  macros  and  quantified  expressions:  Note  that  we’ll  have  to  maintain  a  symbol 
table  in  order  to  recognize  the  name  of  the  macro. 

Pm  assuming  that  x  EQ_0NE_0F  {,  a,  b  }  is  supposed  to  be  a  short  hand  for  x  =  a  or  x  =  b  . 
Finally,  operators  are  simply  associated  with  like-named  strings.  That  won’t  be  right.  We  may  have 
to  give  them  distinctive  names  to  distinguishm  real  operations  from  others — or,  at  least,  the  PVS  and 
EVES  print  functions  will  have  to  choose  separate  names  for  them. 

(Attributes) 

©attributes  •[ 

S_exp 

(pred^ref  attributes) 

>  pred^ref 

(pred^ref  attributes)^ 


(Attributes) 

©attributes  { 

S_exp  *fml; 
(predicate  attributes) 
y  predicate 

(predicate  aitribut€s)= 


(Attributes) -\-= 
©attributes  { 

S_exp  ♦fml; 
(neg ^predicate  attributes) 
}  neg_predicate 
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{neg, predicate  attributes)^ 


{Attributes) -\-= 
^attributes  { 
{macro^ref  attributes) 
}  macro_ref 

{macro.ref  attribuies)  = 


{Attributes) 

©attributes  { 

S_exp  ♦fml; 

{math.predicate  attributes) 
}  math_predicate 

{maih^predicate  attribuies)= 


{Attributes)-^— 

©attributes  { 

Str  ♦str; 

{booleari-math.operator  attributes) 
}  boolean_inath._operator 

( hooleanjmaih -operator  attributes)— 


{Attributes) 

©attributes  { 

S_exp  *fml; 

{state-predicate  attributes) 
>  state_predicate 

{state-predicate  attributes)^ 


{Attributes) 

©attributes  { 

S_exp  ♦fml; 

{foralLpredicaie  attributes) 
}  f orall_predicate 


{foralLpredicate  attributes) = 


{Aiirihutes)-\-= 

(Sattributes  { 

S_exp  ♦fml; 

{exists jprtdicaie  attributes) 
}■  exists_predicate 

{exists -predicate  attributes)= 


6.13  Attributes  for  conditions 

A  condition  is  defined  either  by  quantification  (not  currently  implemented),  by  a  boolean  constant,  or 
by  a  table.  For  now  well  ignore  any  presentation  issues  that  may  be  presented  by  the  tables,  and  simply 
glom  each  table  into  a  formula. 

Recall  the  syntax  for  tables: 


condition 

:  ... 

1  TABLE 
row^list 

END  TABLE 

1  ... 

row_list 

f 

:  pred^ref  ^ : *  truths value^list  *  ;  * 

1  row_list  pred^ref  ^ ^  truth_value_list  *  ; ^ 

* 

truth_value_list 

:  truth_value 

1  truth_value  truth_value_list 

f 

truth__value 

.  f'Y  f 

1  »F> 

1 

$ 

The  calculation  is  straightforward:  For  each  truth_value_list  the  attribute  tv_list  synthesizes 
the  corresponding  sequence  of  of  TruthValues.  Then,  letting  pred_ref .  f  ml  point  to  Q, 

f ormula_ 

row(Q,truth_value_list .tv^list) 

calculates  the  corresponding  sequence  of  the  formulas  Q,  not 

Q,  and  true.  (See  conditions  .h]  .) 
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Each.  [[row_list  .f midlist  contains  a  sequence  of  formulas  representing  ‘‘the  table  so  far”:  For 
example,  if  a  row_list .  0  is 

row^list.l  pred^ref  truth„value_list 

we  generate  the  pointwise  and  of  row_list .  1  and  formula^rowC  .  .  .  ). 

Finally,  condition. f ml  is  the  Or  of  the  top-level  row^list  .f midlist. 

We  have  to  be  careful  to  avoid  getting  in  trouble  from  the  reversing  property  of  the  prepending  list 
constructor. 

{Include  files)-\-= 

#include  ’’conditions  .h*’ 


{Attributes) 
©attributes  { 

S_exp  ♦fml; 
{condition  attributes) 
y  condition 

{condition  attributes)^ 


{Attributes) 

©attributes  { 

S_exp_list  ♦f midlist; 
{rowJist  attributes) 

>  row_list 

{rowJist  aitributes)= 


{Attributes) -y= 

©attributes  { 

TruthValueList  ♦tv_list ; 
{truth.valueJist  attributes) 
y  truth_value_list 

{truth JvalueJist  attributes)— 


{Attributes) 

©attributes  •[ 

TruthValue  val; 
{truih-value  attributes) 

}  truth.value 
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{truthjvalue  atiribute$)= 


6.14  Attributes  for  expressions 

The  val  of  an  expression,  simple^expression,  or  f  unction_ref  is  its  representation  as  an  s-expression. 
As  noted  in  function_def inition.h,  it’s  not  clear  what  data  structure  should  be  used  for  variables 
and  local  variable  lists.  For  now,  I’ll  represent  local  variables  as  s-expressions  of  variables  (i.e.,  terms 
that  are  not  applications). 

{Attributes) 

©attributes  { 

S_exp  *val; 

{expression  attributes) 

3-  expression 

{expression  atiribuies)= 


{Attributes) 

©attributes  { 

S_exp  *val; 

{simple-expression  attributes) 
>  simple_expression 

{simple-expression  aitributes)= 


{Attributes) -\-= 
©attributes  { 

S_exp  ♦val; 
{expression  attributes) 
{function-ref  attributes) 
y  function_ref 

{function-ref  attributes)— 


{Attributes) -\-~ 

©attributes  { 

S_exp_list  ♦inherited_val; 
S_exp_list  ♦computed_val ; 
{parameter-list  attributes) 

}  parameter_list 
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{parameter Jisi  attributes)^ 


{Attributes)'^— 
^attributes  { 

S_exp  *val; 
{parameter  attributes) 
>  parameter 

{parameter  attributes)= 


{Attributes)  A-= 

(Sat tributes  { 

S.exp_list  ♦ inherit ed_val; 
S_exp_list  ♦computed_val; 
{locaLvarJisi  attributes) 
y  local_var_list 

{locaLvarJisi  attributes)— 


6.15  The  various  kinds  of  names 

Names  are  tokens.  The  attributes  str,  as_S_exp,  and  code  are  defined  during  parsing.  (See  grammar  .1.) 
{Attributes) 

©attributes  { 

Str  ♦str; 

S_exp  ♦as^S.exp; 

{STATE-NAME  attributes) 

}  STATE^NAME 

{STATE-NAME  attributes)= 


{Attributes) -\-= 

©attributes  { 

Str  *str; 

{SYSTEM-NAME  attributes) 

y  SYSTEM.NAME 
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{SYSTEM.NAME  aiinbuies)- 


{Attribuits)-\-~ 

©attributes  { 

Str  *str; 

{COMPONENT.NAME  aitribuies) 
}  COMPOUENT^NAME 

{COMPONENT^NAME  aiiribut€s)= 


(Attributes) 

©attributes  { 

Str  ♦str; 

(EVENT^NAME  attributes) 
y  EVENT.NAME 

(EVENT^NAME  attributes)^ 


(Attributes) 

©attributes  { 

Str  ♦str; 

(OUTJNTERFACE^NAME  attributes) 
}  OUT^INTERFACE^NAME 

(OUTJNTERFACE.NAME  attributes)- 


(Attributes) -\-= 

©attributes  { 

Str  ♦str; 

(INJNTERFACE.NAME  attributes) 
y  IN^INTERFACE.NAME 

(INJNTERFACE^NAME  attributes)= 


(Attributes) += 


©attributes  { 


Str  *str; 

S_exp  *as_S_exp; 
{CONSTANT.NAME  aitrihuies) 
}  CONSTANT^NAME 

{CONSTANT.NAME  attributes)- 


{Attribute  s)-\-= 

©attributes  { 

Str  *str; 

S_exp  *as_S_exp; 
{IN-VAR-NAME  attributes) 
y  IN^VAR^NAME 

{IN.VAR.NAME  attribuies)  = 


{Attributes) 

©attributes  { 

Str  *str; 

S_exp  *as_S_exp; 

{OUT. VA R.NAAfE  attributes) 
>  OUT.VAR^NAME 

{OUT.VAR.NAME  attributes)^ 


{Attributes) 

©attributes  { 

Str  *str; 

{FUNCTION.NAME  aitribuies) 
>  FUNCTION_NAHE 

{FUNCTION.NAME  attributes)= 


{Attributes)+= 

©attributes  { 

Str  *str; 

S_exp  *as_S_exp; 
{LOCAL.VARJ^AME  attributes) 
}  LOCAL. VAR_NAME 
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{LOCAL.VAR^N AME  aiiributes)= 


{Atirtbuies)+= 

©attributes  { 

Str  ♦str; 

{MACRO^A\AAfE  attributes) 

y  MACRO.NAME 

{MACRO^NAME  attributes)^ 


{Attributes) -\-~ 

©attributes  { 

Str  *str; 

( TRANSITION^NAME  attributes) 
}  TRANSITION_NAME 

( TRANSITION.NAME  atiribuies)= 


{Attributes) 

©attributes  { 

Str  *str; 

{TRANSITION BUS^NAME  attributes) 
y  TRANSITIONBUS.NAME 

{TRANSITIONBUS.NAME  attributes)^ 
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Chapter  7 


Attribute  definitions 


Chapter  6  contains  a  master  file  explicitly  breaking  the  ‘^Attributes”  module  into  its  constituents,  one 
module  per  symbol.  It  also  contains  the  definition  of  basic,  globally  useful  attributes.  Attributes  specific 
to  particular  translations  are  defined  in  the  chapters  devoted  to  those  translations. 

The  definitions  of  attributes,  which  are  gathered  in  the  “rules”  modules,  are  organized  similarly, 
one  module  per  rule.  The  file  grammar-productions  .nw,  not  included  in  this  documentation,  explic¬ 
itly  breaks  the  “rules”  module  into  constituents,  one  module  per  production.  It  is  omitted  from  this 
documentation  because  that’s  all  it  does — it  does  not  define  any  attributes. 

The  long  and  ungainly  module  names  are  an  unfortunate  necessity,  since  the  only  convenient  way  to 
name  each  module  uniquely  is  to  name  it  with  the  full  text  of  the  corresponding  production.  However,  the 
names  are  never  touched  by  human  hands:  the  file  grammar-productions  .nw is  automatically  generated. 
The  file  equations  .nw,  also  automatically  generated,  contains  a  list  of  names  of  all  the  modules  and 
serves  as  part  of  the  developer’s  skeleton. 


7.1  Attributes  for  system 

{system:SYSTEM  SYSTEM^NAME  component Jisi  END  SYSTEM 
SECTION.SEPARATOR  }+= 


{component-list:)— 


{component-list: component-list  component-def  )= 


7.2  Attributes  for  components 

{component.def.-COMPONENT  COMPONENT.NAME  END  COMPONENT 
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®i  Qcomponent.def .in_top_state0  =  true_S_ptr; 


The  long.case  is  the  following  rule,  which  is  too  long  to  turn  into  a  module  name: 

component^def  :  COMPONENT  COMPONENT_NAME  ' :  ' 

END  COMPONENT 

I  COMPONENT  COMPONENT^NAME  ^ ^ 
state_def 
coiistaiit_def_list 
event_def_list 
iii_variable_def_list 
out_variable_def_list 
in_interface_def_list 
oiit_interface_def_list 
macro_def_list 
function^def^list 

transition_or_transition_bus_def _list 
END  COMPONENT 


The  inherited^events  of  event _def„list  is  the  empty  list.  That’s  the  boiler-plate  way  to  kick 
off  accumulating  all  declared  events  in  the  computed^ events  of  event_def_list.  NOTE:  I’m  not  now 
distinguishing  between  the  various  kinds  of  events  (state  events,  variable  events,  etc.) — they  all  go  in 
the  list. 

The  inherited^etests  of  t_or_tbd_list  is  the  formula  table  whose  keys  are  the  computed^ events 
of  event _def_list  and  whose  associated  formulas  are  all  false. 

QUESTION:  Should  we  automatically  add  NullEvent  to  this  list?  Pm  doing  nothing  about  that  for 
now. 

NOTE  ALSO:  Pm  not  adding  the  DummyEvent,  which  will  mean  that,  for  now,  timeout  events  (which 
are  currently  dummied  out)  will  be  ignored. 

The  purpose  of  the  (auto-inherited)  state_def_done  attribute  is  to  delay  certain  calculations  for 
transit ion_defs.  The  effect  of  effect  of  calling  glob,  set_leq()  is  a  side  effect  on  glob,  storing  the 
reflexive  transitive  closure  of  child_of  in  leq. 

{componeni.def: long -case  )= 

®i  0state_def .ancestor®  =  new  Str("”); 

®i  ®coinponent_def .  in_top_state0  = 

®state_def  .parent_as_S_exp®‘‘>Equals(true_S_ptr)  ; 

®i  ®transition_or_trcLnsition3us_def  _list .  inherited_etests®  = 
new  1 ormula_table (Stat eEventsToStrList ( 

0event_def _list . computed^ events®) , 


5 


f alse^S^ptr) ; 


Oi  ®trajisition_or_transitioii_bus_def _list .  inherited^ctestsQ  = 
new  s_list_table(StateValListToStrList( 

Qstate_def . conditionals_so_f arQ) , 
new  S_exp_list) ; 

C5e  transition_or_trcLnsition_bus_def _list .  state_def _done : 
stat e_def . glob ; 

Qtransition_or_transition_biis_def_list .state_def_doneQ  = 
glob.set_leq() ; 

0i  ©event _def _list .  inherited_events(a  =  EmptyEventValueList ; 


{component  Jocation:COMPONENT^NAME  )= 


{componentJocation.'EXTERNAL  )= 


7.3  Attributes  for  states 

7.3.1  Auxiliary  functions 

If  *paxent  is  P  and  ^children  is  (childl,  child2,  . . .)  then  many„iinply_one (parent , children)  is  a 
pointer  to  the  list  (childl  ->  P,  child  ~>  P,  . . .). 

If  mutual^  ex  elusion  (siblings)  points  to  a  list  asserting  that  (conjoined)  asserts  that  the  formulas 
in  ♦siblings  are  mutually  exclusive. 

These  functions  are  defined  in  s_exp_utilities  .h 

7.3.2  Definitions 

{staie.d€f:OR-STATE^TOKEN  STATE^NAME  DEFAULT  STATE.NAME 
siaie^charisJisi  END  ORSTATE^TOKEN  )= 

©i  ©St at e_charts_list .ancestor©  =  ©STATE^NAME. 0. strQ; 

©i  ©state_def . code©  =  rsml .get_state_code()  ; 

©i  ©state_def . val©  =  new  state_value(©STATE_NAME,0. str©, 

OrState, 

©state_def , code©) ; 
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Qe  state_def . glob  :  state_d.ef.val  state_charts_list .glob 

state_charts_list . comp_vals 
state_def . code; 

®state_def .glob©  = 

glob. set_state_code(©state_def . valQ)  + 
glob . set__child_of (©state_charts_list . comp_valsQ , 
©state_def . code©) ; 

©i  ©state_charts_list .iiiherited_vals©  =  (StateValueList  ♦)0; 

©i  ©state_def .parent _as_S_exp©  =  ©STATE_NAME.as_S_exp©; 

©i  ©state_def . children_as_S_exps©  = 

state_vals_to_s_exps(©state_ch.arts_list .  coinp_vals©) ; 

©i  ©state_def .parent_implies_children©  = 

©St at e_def .parent _as_S_exp©“> 

Implies  (©St ate_def .  children_as_S_exps©-->Or()  )  ; 

©i  ©state_def . children_imply_parent©  = 

many_op_one(®state_def . children_as_S_exps©, 

IMPLIES_SIGN, 

©state_def ,paxent_as_S_exp©) ; 

©i  ©state_def . incompatible_siblings©  = 

mutual_exclusion(©state_def . children_as_S_exps©) ; 

®i  ©state_def . conditionals_so_far©  = 

©state_chart s_list . conditionals_so_f  ax© ; 


{siaie^def:AND.STATE.TOKEN  STATE^NAME  staie.chartsJisi 
END  AND.STATE.TOKEN 

©i  ©state_charts_list .ancestor©  =  ©STATE_NAME . 0 . str© ; 

©i  ©state_def . code©  =  rsml.get_state_code()  ; 

©i  ©state_def . val©  =  new  state_value(©STATE_NAME.O.str©, 

AndState, 

©state_def , code©) ; 

©e  state_def .glob  :  state_def . val  state_charts_list .glob 
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state_cliarts_list .  corap^vals 
s tat e_def .code; 

^state^def  .glob<D  = 

glob. set_stat encode (®state_def.val®)  + 
glob . set_c]iild_of (Qstat e_chaxts_list . corap_vals@ , 
Qstate_def . code©) ; 

Qi  @state_charts_list .  irLlierited_vals©  =  (StateValueList  *)0; 

©i  ©state^def .parent^as_S_exp©  =  ©STATE^NAME.as^S^exp©; 

©i  ©state_def . children. as_S_exps©  = 

state.vals.to.s.exps (©state.chaxt s.list . comp.vals©) ; 

©i  ©state.def .parent .implies .children©  = 

©state.def .parent.as.S.exp©-> 

Implies (©state.def . children.as.S.exps©->And()) ; 

©i  ©state.def . children. imply. parent©  = 

many.op.oneC ©state.def . children.as.S.exps©, 

IMPLIES.SIGN, 

©state.def .parent. as. S. exp©) ; 

©i  ©state.def . incompatible.siblings©  =  Singleton(true.S.ptr) ; 

©i  ©state.def .  conditionals.so.fcLT©  = 

©state.cheirts.list .  conditionals.so.f  ar©; 


(staie.def.OR-ARRAY  STATE^NAME  ’[’INTEGER  ’]’  ’:’  state.chartsJist 
END  OR.ARRAY)= 

©i  ©state.charts.list .ancestor©  =  ©STATE.NAME . 0 . str© ; 

©i  ©state.def , code©  =  rsral. get. state. code () ; 

©i  ©state.def .val©  =  new  st ate. value (©STATE.NAME. 0. str©, 

OrArrayState, 
©state.def . code©) ; 

©e  state.def .glob  :  state.def .val  state.chcurts.list .glob 

state.chcirts.list .  comp.vals 
state.def .code; 
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®state_def .glob®  = 

glob . set_state_code (®state_def . val®)  + 
glob . set_child_of (®state_charts_list . comp.vals® , 
®state_def . code®) ; 

®i  ®state_charts_list . inherit ed^vals®  =  (StateValueList  ♦)0; 

®i  ®state_def .parent_as_S_exp®  =  ®STATE_NAME.as_S_exp®; 

®i  ®state_def . children_as_S_exps®  = 

stat e_vals_to_s_exps (®state_charts_list . comp_vals®) ; 

®i  ®stat€_def .parent_implies_children®  = 

®state_def .paxent_as_S_exp®-> 

Implies (® stat e_def . children. as_S_exps®->Or ( ) ) ; 

®i  Qstate.def, children. imply .parent®  = 

m2Lny.op_one(®state_def ,  children.as.S.exps® , 

IMPLIES.SIGN, 

®state_def .parent.as.S.exp®) ; 

®i  Qstate.def . incompatible.siblings®  = 

mutual_exclusion(®state.def . children.as.S.exps®) ; 

®i  Qstate.def . conditionals.so.far®  = 

Qstate. chart s.list . conditionals.so.far®; 


{staie^def:AND^ARRAY  STATE^NAME  f  INTEGER  f  siaie.charisJisi 
END  AND-ARRAY)^ 

®i  Qstat e.chcirts. list . ancestor®  =  QSTATE.NAME.O.str®; 

®i  Qstate.def .code®  =  rsml. get. stat e.code( ) ; 

®i  Qstate.def .val®  =  new  state.value{®STATE.NAME.O. str® , 

AndArrayState , 
Qstate.def . code®) ; 

Qe  state.def .glob  :  state.def . val  state.chaxts. list .glob 

state. charts.list . comp.vals 
state.def . code ; 

Qstate.def .glob®  = 
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glob .  set_state_code  (®state_def .  val<3)  + 
glob . set_child_of (Ostate_charts_list . comp^vals® , 
®state_def . codeO) ; 

®i  ®state^charts_list.iniierited_vals<9  =  (StateValueList  *)0; 

«i  ©state^def .parent_as_S^expO  =  OSTATE_NAME.as^S_exp®; 

Qi  ®state_def .children„as„S_exps0  = 

state_vals_to_s_exps(Qstate_charts_list .comp_vals®) ; 

®i  ®state_def  .pareiit_implies_children®  = 

®state_def .parent_as_S_exp®-> 

Implies (®stat e_def . childreii_as_S_exps®~>And ( ) ) ; 

©i  ®state_def .  cliildren_imply_pareiitQ  = 

many_op_one(®state_def . children_as_S_exps® , 

IMPLIES.SIGN, 

®state_def .parent _as_S_expQ) ; 

®i  ©state^def . incompatible_siblings©  ~  Singlet on (true_S_ptr ) ; 

®i  ®state_def , conditionals_so_f ax®  = 

®state_charts_list .  conditionals_so_f  cir®; 


{staie.def.ATOMIC  STATE.NAME  ’  )= 

®i  8state_def . code®  =  rsml.get_state_code() ; 

«i  fistate.def .val®  =  new  state_value(«STATE_NAME.O.stre, 

AtomicState, 

®state_def . code®) ; 

®i  ®state_def .glob®  =  glob. set_state_code(®state_def . val®) ; 
®i  ®state_def .parent_as_S_exp®  =  ®STATE_NAME. as_S_exp® ; 

Qi  Qstate^def .children_as_S_expsQ  =  new  S^exp^list; 

Qi  Qstate^def .parent^implies^children®  =  true^S^ptr; 

Qi  Qstate^def .children_imply_parent®  =  Singleton (true_S_ptr) ; 
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Qi  ®state_def . incompatible_siblings(D  =  Singleton (true_S_ptr) ; 
0i  Qstate^def . conditionals_so_f ar®  =  EmptyStateValneList ; 


{state^def:CONDITIONAL  STATE.NAME 

®i  ®state_def . code®  =  rsml .get„state_code() ; 

®i  ®state_def . val®  =  new  state_value(®STATE_NAME.O.str®, 

ConditionalState , 
®state_def . code®) ; 

®i  ®state_def .glob®  =  glob. set„state_code{®state__def . val®) ; 

®i  ®state_def .parent_as_S_exp®  =  ®STATE_NAME.as_S_exp®; 

®i  ®state_def . children_as_S_exps®  =  new  S_exp_list; 

®i  0state_def .paxent_implies_children®  =  trne_S_ptr; 

®i  ®st at e_def . children. imply ^parent®  =  Singleton(true.S_ptr) ; 

®i  ®state_def . incompatible. siblings®  =  Singleton(true.S.ptr) ; 

®i  ®state.def . conditionals.so.far®  = 

new  StateValueList(*®state.def . val®) ; 


{state-charisJisi:siaie-def)= 

®i  ®state.def . ancestor®  =  ®state_ch2G:ts_list .ancestor®; 

®i  ®state_charts_list .comp.vals®  = 

new  StateValneList (♦®state_def . val® , 

®state.charts_list . inherit ed.vals®) 

®e  st at e.charts. list .glob  :  state.def.glob; 

®state.chaxts.list .glob®  =  0; 

®i  ®state_chcLrts.list .  conditionals.so.far®  = 

®state_def . conditionals.so.far®; 
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{staie^charisJist:siaie^charisJisi  staie^def  }= 

Qi  @state_def . ancestor©  =  ©state_chELrts_list . ©.ancestor®; 

©i  @state_charts_list . 1 . ancestor©  =  ©state_charts_list . 0 . ancestor©; 

©i  @state_charts_list .  1 .  inlierited^vals©  = 

new  SimpleList<stat e_value> (♦©state_def . val© , 

©state_charts_list . inherited_vals©) ; 

©i  ©state_charts_list . comp_vals©  = 

©state_cliarts_list ,  1 .  comp_vals©; 

©e  state_cliaxts_list .O.glob  :  state_def  .glob 
state_ch2Lrts_list .  1 .  glob; 

©state_charts_list .glob©  =  0; 

0i  ©state_charts_list .O.conditionals^so^fax©  = 

©state_charts_list . 1 . conditionals_so_f arQ-> 

Append (©state_def . conditionals_so_f ar©) ; 


{siateJisi:STATE.NAME  )= 

©i  ©state_list . comp_exps©  = 

new  S_exp_list (0STATE_NAME . as_S_exp© , 

0state_list . inherit ed_exps©) ; 


{state Jisi:siateJist  \  ^  STATE.NAME  )= 

©i  ©state^list .O.comp^exps©  =  ©state_list . 1 . comp^exps©; 
©i  ©state_list . 1 . inherited_exps©  = 

new  S_exp_list (©STATE_NAME . as_S_exp© , 

©state^list , 0 . inherit ed^exps©) ; 


CURRENTLY  UNIMPLEMENTED 
{simple.siate.path:STATE^NAME  }= 


{simple.state-path:simple^siate.path  \  '  STATE.NAME  )= 


{state.path:STATE.NAME  parameter  7^  }= 
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{state.paih’.STATE.NAME  parameter  simplestaie^path 

)= 


{state.patfi:simpleMate^paih  STATE^NAME  ^['parameter 

{siate-path:simple^siaie-path  \  ^  STATE.NAME  parameter 
V  simplestate^path  }= 

(state-path:simple^state^path  )= 

(state^paih-ref:PREV  REAL  siate^path  }= 

{state.path.ref:state.path  )= 


7.3.3  Bodies  of  auxiliary  functions 

{Bodies)— 


7.4  Attributes  for  constants 

The  val  of  a  REAL  is  a  s cal ed_ integer.  The  val  of  a  CONSTANT^NAME  is  a  Str.  Both  attributes  are 
computed  during  the  first  pass.  To  generate  a  declaration  for  the  constant  and  the  defining  equation  we 
don’t  need  any  more  information. 

{constant.def:CONSTANT  CONSTANT^NAME  VALUE  ’P  REAL 
END  CONSTANT  )= 


(constant.def:CONSTANT  CONSTANT^NAME  VALUE  REAL 
END  CONSTANT  )= 


The  exp  of  a  constant _ref  is  a  pointer  to  an  s-expression  representing  the  constant  as  a  O-ary  function. 

{constani.ref:CONSTANT^NAME  )= 

(Si  Qconstant_ref . expQ  =  ®CONSTANT_NAME. as_S„expQ; 


59 


( constani.dcfJisi:)= 


{constant ^defJisi:constani.defJist  constant-def  )= 


7.5  Attributes  for  variables 

{in.variable.def:IN.VARIABLE  IN.VAR.NAME  TYPE  ’.-’NUMERIC 
expected.min  expected.max  min.gran  max.gran  END  IN.VARIABLE 
)= 


(out.variable.def.-OUT.VARIABLE  OUT.VAR.NAME  ’:’  TYPE  ’:’ 
NUMERIC  expected.min  expected.max  min.gran  max.gran  ASSIGNMENT 
’-.’expression  TRIGGER  event.ref  END  OUT.VARIABLE  )= 


{expected.min:)= 


{expected.min:EXPECTED.MIN  ’.-’REAL  )= 
{expected.max:)^ 

{expected.max:EXPECTED.MAX  ’.-’REAL  )= 
{min.gran:)= 

(min.gran.-MIN.GRAN  ’:’  REAL  }= 
{max.gran:)= 


{max.gran:MAX.GRAN  ’:’  REAL  )= 

( in.variable.re f:IN. VA R.NA ME  ) = 

Si  ein_variable_ref . str®  =  eiN_VAR_NAME . str® ; 

®i  ®in_veiriable_ref .as_S_expa  =  ®IN_VAR_NAME.as_S_expa; 
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{out-variable.ref.’OUT.VAR.NAME 

(fii  Qout_variable_ref * str®  =  ®OUT_VAR_NAME . str® ; 

®i  ®out_vaxiabl€_ref . as_S_exp®  =  ®OUT_VAR_NAME.as_S_exp®; 


{in.variable^assiIAL  VAR.NAME  )= 

®i  ®in_variable_ass,str®  =  ®IN_VAR_NAME. str®; 


( 0 ui.variable-ass: OUT.VA R-NA ME  )~ 

®i  ®out_variable_ass,str®  =  ®OUT_VAR_NAME. str®; 


{in^variableMefJist:)= 

(in^variable.defJisi:in.variable-defJisi  in.variableMef 

)= 

{out  ^variabh-de f -list  :)= 


{oui-variable-defJisi:o%d-variable-defJist  out-variabh-def 

)= 


{in-variableJist:)= 

®i  ®iii_vaxiable_list . computed_val®  =  EmptyStrList ; 


{in-variableJisi:in-variabh-ass  )= 

®i  ®iii_variable_list .  computed^val®  = 

new  StrList(®in_variable_ass . str®) ; 


{in-variableJisi:in-variableJisi  \  '  in-variabh-ass  )~ 

®i  ®in_variable_list . 0 . computed_val®  = 

®in_variabl€_list . 1 . computed.val® ; 

®i  ®in_vaxiable_list . 1 . inherit ed_val®  = 

new  StrList(®in_variable_ass. str®, 

®in_variable_list , 0 . inherited_val®) ; 


{variable:  oui-variabk-ref  )= 

®i  ®variable.str®  =  ®out_variable_ref . str® ; 

®i  ®vaxiable . as_S_exp®  =  ®out_variable_ref .as_S_exp® ; 
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{variable  :in  jvariable^ref 

®i  ©variable . str®  =  ©in_variable_ref . str©; 

0i  ©variable . as_S_exp©  =  ©in_variable_ref . as_S_exp©; 


NOTICE  that  the  attributes  for  this  instance  of  variable_ref  are  dummied  out. 

{variable.ref.PREV  '('REAL  ')'  in^variable^ref)= 

Qi  ©variable_ref  .str©  =  DummyStr; 

©i  ©variable^ref .as_S_exp©  =  DummyFormula ; 


{variable-ref:in-variable^ref)= 

©i  ©variable^ref ,str©  =  ©in^variable.ref . str©; 

©i  ©variable^ref .as_S^exp©  =  ©in^variable.ref . as^S^exp©; 


7.6  Attributes  for  events 

Boilerplate. 

{eveni.defJisi:)^ 

©i  ©eveiit_def„list .  computed^events©  = 

©event_def _list . inherited_events©; 


{eveni-defJisi: evenEdefJisi  event.def  )= 

©i  ©event_def _list . 0 . computed^ events©  = 

©event  _def_list .  1 .  computed,,  events© ; 

©i  ©event_def_list .l.inlierited^events©  = 

new  EventValueList (♦©event _def . val© , 

©event _def,.list .  0 .  inherit ed^events©)  ; 


{eveni.def: EVENT  EVENT^NAME  STATE 

©i  ©event _def .code©  =  rsml.get_event_code() ; 

©i  ©event _def .val©  =  new  event^value(©EVENT_NAME. str©,StateEvent) ; 
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{evenUef: EVENT  EVENT.NAME  VARIABLE  Y)= 

Qi  Qevent^def .  code®  =  rsinl.get_eveiit_code()  ; 

Qi  ®event_def . val®  =  new  event _value (®EVENT_NAME. str0,VariableEvent) ; 

{evenUef:EVENT  EVENT.NAME  INTERFACE  V)  = 

®i  ®event_def . code®  =  rsml,get_event_code() ; 

®i  ®event_def .val®  =  new  event_value(®EVENT_NAME,str®,Interf aceEvent) ; 

{eveni.ref:EVENT.NAME  }= 

®i  ®event_ref .str®  =  ®EVENT_NAME. str®; 

{eveniJisi:)= 

®i  ®event_list . computed^ events®  = 

®event_list . inherit ed_events®; 


{eveniJisi:ev€nt.Tef)= 

®i  ®event_list .computed_events®  = 

new  StrList (®event_ref , str® , 

®event_list . inherited_events®) ; 


{eveni.lisi'.eveniJisi  \  ’  eveni-ref)= 

®i  ®event_list , 0. computed_events©  = 

©event _list . 1 . computed^ events® ; 


®i  ®event_list . 1 . inherit€d_events®  = 
new  StrList (©event _ref . str®, 

©event _list . 0 . inherited_events®) ; 


7.7  Attributes  for  interfaces 

{in-interface-defJist:)= 
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{in^interface.defJisi.’in^interface-defJist  iu-interfacc-def 
)= 


{inJnterface.def:IN.INTERFACE  INJNTERFACE.NAME  ’-.’SOURCE 
’:’  component  Jocaiion  TRIGGER  ’.-’RECEIVE  ’(’  in.variableJist 
’)’  selection. condition  ACTION  ’:’  eventJist  END  IN.INTERFACE 

0i  Qe vent _1 is t . inherit ed.eventsQ  =  EmptyStrList ; 

®i  ®in_variable_list . inherited. val®  =  EmptyStrList; 


{outJnierface.defJi$t:)= 


{ouiJnierface^defJistroutJnierface^defJist  outJnterface-def 


{ouUnterface.def.-OUTJNTERFACE  OUTJNTERFACE.NAME 
DESTINATION  ’:’  component. location  TRIGGER  ’:’  event. ref 
selection.condition  ACTION  ’:’  SEND  ’(’ parameter. list  ’)’ 

END  OUT.INTERFACE)= 

Qi  fflparanieter_list.iiiherited_vaia  =  new  S_exp_list; 


(ouUnterface.def.-OUTJNTERFACE  OUTJNTERFACE.NAME  ’:’ 
DESTINATION  ’:’  component. location  ’,’  INJNTERFACEJIAME 
TRIGGER  event.ref  selection.condition  ACTION  ’-.’SEND 
’(’  parameter. list  ’)’  END  OUT.INTERFACE  )= 

ffli  aparaineter_list.inherited_vaia  =  new  S_exp_list; 


(selection.condition:)= 


(selection.condiiion-.SELECTION  ’:’  condition  )= 
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7.8  Attributes  for  macros 

{macro.defJisi:)  = 


[macro -defJisi.macro^def -list  macro -def  )= 


(macro.def: MACRO  MACRO-.NAME  locaLvarJist  condition 

END  MACRO  )= 

Qi  ®local_var_list.inherited_val®  =  new  S_exp_list; 


7.9  Attributes  for  functions 

[function -defJisi:)^ 


[function.defJist.function^defJisi  funciion-def  )= 


[functionMf'.FUNCTION  FUNCTION^NAME  locaLvarJist 

RETURN  ’E  CASE  caseJist  END  CASE  END  FUNCTION 


®i  ®local_vaj:_list . inherited_val®  =  new  S_exp_list; 
©i  Qcase_list . inherited_val®  =  EmptyCaseList ; 

®i  ®fiinction_def .  val®  = 

new  function^def inition(®FUNCTION_NAME. str®, 
®local_vax_list . computed_val® , 
®case_list . compnted.val®) ; 


[caseJist: case  }= 

®i  ®case_list  .coinputed_val®  = 

new  CaseList(®case. val®) ; 


[caseJist: caseJist  case  )= 

®i  ®case_list .0. computed_val®  =  ®case_list . 1 . computed. val® ; 
®i  ®case_list. 1 . inherit ed.val®  = 
new  CaseList (©case. val®, 

©case.list . 0 . inherit ed.val®) ; 
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{case: expression  IF  pred^ref  Y)= 

®i  Scase.val®  =  new  rsinl_case(®pred_ref  .fml® ,  ^expression. val®)  ; 


7.10  Attributes  for  transitions  and  busses 

{Include  files)-\-= 

#include  “f onnula_table_utilities .h” 

#include  "state_value_utilities .h" 

#include  "s_list_table_utilities .h" 


Synthesis  of  computed_etests  is  boiler  plate.  Given 

■t_or_tbd_listO  =  t_or_tbd_listl  t_or_tbd 
there  are  two  basic  “flows” : 

•  t_or_tbd_listO. computed_etest  < —  t_or_tbd_listl . computed_etest 

That  is,  all  t_or_tbd_list  nodes  have  the  same  computed  etest,  which  ultimately  flows  up  from 
the  last  item  in  the  list. 

•  t_or_tbd_listO . inherit ed_ etest  — >  t_or„tbd . inherited_etest 
t_or_tbd.inherited_etest  +  local^info  — >  t^or^tbd. computed^ etest 
t_or_tbd.compnted_ etest  — >  t_or_tbd_listl . inherit ed^etest 

That  is,  a  t^or.tbd  node  takes  the  inherited  etest  of  its  parent,  adds  the  local  information  from 
its  declaration  (the  event/condition  pair),  and  hands  the  result,  as  inherited  information,  to  its 
sibling  t_or_tbd_listl. 

When  we  turn  the  corner,  the  empty  production  synthesizes  up  the  same  EventTests  it  inherits. 
Synthesis  of  computed_ctests  is  similar. 

{transition^orJransiiion.bus^defJist:)= 

®i  ©transit ion_or_transition_bus_def_list . computed_etests®  = 

©transit ion_or_transition_bus_def_list . inherited^etests©; 

©i  ©transition_or_transition_bus_def _list . computed_ctests©  = 

©transit ion_or_transition3us_def_list . inherited_ctests©; 


Here  are  the  two  flows  in  the  bread-and-butter  step  described  above  (for  the  case  in  which  the  t_or_tbd 
turns  out  to  be  a  transition_def). 


{iransition^orJransition^bus^defJisirtransition-orJransiiion^bus^defJisi 

iransiiion-orJransUion-bus.def)= 

Straus it ioii_or„trans it ion_bus_def_list . 0 . computed_etestsS  = 

Stransition_or_transition_bus_def _list . 1 . computed^etestsS; 

Si  StrcLnsition_or_traiisitioii_bus_def  _list .  1 .  inherited^etestsS  = 
Strains it ion_or_trans it ion_bus_def . comput  ed_et es t sS ; 

Si  Strains  it  ion_or  .trains  it  ion_bus_def ,  inherit  ed^etestsS  = 

Stram.sit ion.or. trams it ion.bus.def. list . 0 . inherit ed.etestsS ; 

Si  Stransition_or_transition.bus_def .list . 0 . comput ed.ctestsS  = 

Stransition.or.transition.bus.def .list , 1 . comput ed.ctestsS; 

Si  Stransition.or.transition.bus.def .list . 1 . inherited.ctestsS  = 
Stramsition.or.transition.bus.def . comput ed.ctestsS; 

Si  Stramsition.or.transition.bus.def . inherited.ctestsS  = 

Strans it ion.or.trans it ion.bus.def .1 ist , 0 . inherit  ed.ctestsS ; 


In  computing  the  ctest  we  want  to  add  a  formula  only  if  the  source  state  of  the  transition  is  a  conditional 
state.  In  applying  the  prepend  operation  that  qualification  is  applied  automatically:  the  keys  of  the 
s.list.table  consist  only  of  the  names  of  conditional  states,  and  if  we  supply  prepend  with  a  different 
key  the  result  is  a  no-op. 

FLAW?  Can  we  get  in  trouble  here?  Both  Dis joinToETests  and  AddToSTable  work  by  side-effect. 
{iransiiion-or.iransitionJ>us^def:iransiiion-def)= 

Si  St  rams  it  ion.  or  .transit  ion.bus.def .  comput  ed.ctestsS  = 

Dis joinToETests (Stremsition.def . trigger.nameS , 

Strans it ion.def . f mlS , 

Stransition.or.transition.bus.def, inherited.ctestsS) ; 

Si  Stransition.or.transition.bus.def. comput ed.ctestsS  = 

AddToSTable (Strans it ion.def . f rom.nameS , 

Strans it ion.def . f mlS , 

Stransition.or.transit ion.bus.def . inherited.ctestsS) ; 


For  the  case  in  which  the  t.or.tbd  turns  out  to  be  a  transit  ion.bus.def  we  have  to  go  down  another 
couple  of  layers,  so  this  layer  just  pipes  inherited  and  computed  etests  between  parent  and  child. 

{transition,orjtransUionJ)us-def:iransitionJ)us^def  )= 
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<9i  <5transitioii_biis_def .  iniierited^etestsO  = 

Qtransition_or_traiisitioii_biis_def ,  inherit ed_etestsQ; 

®i  ®transition_or_transition_bus_def . computed_etestsQ  = 
Straus it ion_bus_def . computed^etests® ; 

Si  Stransition_bus_def .inherited^ctestsS  = 

Stransition_or_transition_bus_def . inherited^ctestsS; 

Si  Stransition_or_traiisition_bus_def .computed^ctestsS  = 
Stransition_bus_def . computed_ctestsS; 


A  transition_bus_def  also  pipes  its  etests  between  the  parent  and  the  child  transition_def_list 

{transition.bus.def:TRANSITIONBUS  TRANSITIONBUS.NAME 
transHion^defJisi  END  TRANSITIONBUS  )  = 

Si  Stransition^def^list .inherited^etestsS  = 

Stransition_bus_def , inherited_etestsS; 

Si  Stransition.bus^def .computed^etestsS  = 

Stransition^def _list . computed^etestsS; 

Si  Stransition_def_list .inherited^ctestsS  = 

Stransition.bns.def . inherit ed_ctestsS; 

Si  Stransition_bns_def . computed^ctestsS  = 

Stransition^def^list.computed^ctestsS; 


We  use  the  same  boilerplate  to  gather  up  the  values  in  a  transition^def  _list  as  we  did  in  a  t_or_tbd_list. 

{transitioTi-defJisi:)  — 

Si  Stransition_def_list ,computed_etestsS  = 

Strcinsition^def  _list .  inherit  ed^etestsS; 

Si  Stransition_def _list . computed_ctestsS  = 

Stransition_def_list . inherit ed^ctestsS; 


{tTansiiion-d€fJisi:transiiion-defJist  transition  def 

)= 


Si  Stransition_def_list .O.compnted_etestsS  = 

Stransition_def _list . 1 . computed_etestsS ; 
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Qi  Qtransition^def .list . 1 . inherit ed.etests®  = 

Dis j  oinToETests (Otransition.def , trigger .name© , 
©transit ion.def . f ml© , 

©transition.def .list . 0 . inherited.etests©) ; 

©i  ©transition.def.list .O.computed.ctests®  = 

©transition.def .list . 1 . computed.ctests© ; 

©i  ©transition.def.list . 1 . inherited.ctests©  = 

AddToSTable (©trans it ion.def . f rom.name© , 
©transition.def . f ml© , 

©transition.def.list . 0 . inherited.ctests©) ; 


We  bottom  out  with  an  individual  transition.def,  which  supplies  the  material  for  the  event/condition 
pair  that  will  be  inserted  into  the  formula  table.  To  get  transition.def  .f ml,  we  conjoin  the  assertion 
“I  am  in  the  source  state”  with  the  fml  defining  the  transition’s  condition. 

FLAW:  The  trans  it  ion.maybe.act  ion  and  its  use  in  defining  transition.def  .val  are  dummied 
out. 

{transitton.def:TRANSITION  TRANSITJON.NAME  FROM  STATE-NAME 
TO  STATE-NAME  iransiiion-maybe-irigger  iransiiiort-maybt-cond 
transitiori-maybe-action  END  TRANSITION  )— 

©i  ©transition.def .code©  =  rsml .get .trans it ion.codeO ; 

®i  ©trcins  it  ion.def  .fml©  = 

©STATE.NAME . 0 . as.S.exp©->And (©trans it ion.maybe.cond . fml©) ; 

©i  ©transition.def .trigger.name©  =  ©trans it ion.maybe.trigger . str©; 

©i  ©transition.def .f rom.name©  =  ©STATE.NAME. 0 . str©; 

®e  transition.def .from.code;  transition.def . state.def. done 
STATE.NAME. 0. str; 

©transition.def .from.code©  = 

glob. code.of. state (©STATE.NAME. 0 . str©) ; 

©i  ©transition.def .to.name©  =  ©STATE.NAME. 1 . str©; 

©e  transition.def .to.code :  transition.def . state.def .done 
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STATE_NAME.l.str; 


Qtransition.def .to_codeQ  = 

glob . code_of .state (®STATE_NAME , 1 . str® ) ; 

®e  transition.def .leaves.code:  transition.def .state.def.done 
transition.def. from. code  transit ion.def .to. code; 

©transition.def. leaves. code®  = 

glob,  leaves  (®traiisitioii.def  .from.code®, 
®transitioii.def  .to.code®) ; 

®e  transition.def .leaves.name:  transition.def .state.def.done 
transition.def . leaves. code ; 

®trans it ion.def .leaves.name®  = 

glob , stat e.at (®transit ion.def . leaves.code®) ->str ( ) ; 

®i  ®transition.def .actions.names®  = 

®traiisition.maybe.act  ion .  strlist®  ; 

®i  ®transition.def . val®  = 

new  tr ans it ion. value ( ®TRANSITION.NAME . s t r ® , 

®trans it ion.def . trigger. name® , 
®transit ion.maybe.cond . fml® , 
©transition.def . from.code®, 
©STATE.NAME.O.str®, 

©transition.def , to.code® , 
©STATE.NAME.l.str®, 

©transition.def .leaves.code®, 
©transition.def . leaves.name®, 
©transition.def . actions.names®, 
©transition.def , code®) ; 

®e  transition.def .glob:  transition.def . state.def.done 
transition.def . val; 

©transition.def .glob®  = 

glob. set.transition.code(®transition.def .val®) ; 


We  model  the  absence  of  a  triggering  event  as  a  transition  triggered  by  the  unique  event  whose  name  is 

It  M 
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{transition  jmaybe-irigger:)= 


Qi  (Straus it ion^maybe^tr igger. strQ  =  NullEventName; 

The  obvious  thing. 

{transition-maybeJrigger:  TRIGGER  event-ref  )= 

Qi  Qtraiisition_inaybe_trigger«  strO  =  (Devent^ref .  strQ; 

We  are  not  currently  modeling  timeout  events,  so  this  becomes  a  dummy  named  so  it  can’t  become 
confused  with  a  declared  event  or  with  the  NullEvent. 

(transiiion-maybeJriggeriTRIGGER  TIMEOUT  simple-expression 
'/expression  7')= 

(Si  (Straus  it  ion_xnaybe_trigger .  str®  =  Dummy  Event  Name; 

CHECK  THIS  OUT:  I’m  assuming  that  if  there’s  no  explicit  condition,  the  condition  defaults  to  TRUE. 
{transition-maybe-cond:)~ 

Qi  Qtransition_maybe_cond.fmlQ  =  true_S_ptr; 

{transition-maybe-cond: CONDITION  condition  )~ 

Qi  Qtransition_maybe_cond.fml®  =  Qcondition. fmlQ; 

The  only  attribute  for  actions  lists  their  names. 

{iransiiion-maybe-aciion:)^ 

Qi  Qtransition_maybe_action. strlistQ  =  EmptyStrList ; 

{iransiiion-mayhe-action: ACTION  event-list  )= 

Qi  Qevent__list . inherited_eventsQ  =  EmptyStrList; 

Qi  Qtrajisition_maybe_action.strlistQ  = 

Qevent_list . computed^ events®; 
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7.11  Attributes  for  predicates 

{pred.ref .predicate  )= 

Qi  ®pred_ref . f ml®  =  ©predicate .fml®; 

{predicate :neg -predicate  )= 

©i  ©predicat e.f ml©  =  ©neg_predicate.fml©; 


{predicate  :macro^ref)  = 

©i  ©predicate ,f ml©  =  DammyFormula; 


{predicateimath-predicate  )= 

©i  ©predicat e.f ml©  =  ©math^predicate.fml©; 


{predicate istate-predicate  )  = 

©i  ©predicate . f ml©  =  ©state_predicate.fmlQ; 

{predicate :foralLpredicate  }= 

©i  ©predicat e.f ml©  =  ©f orall_predicate .fml©; 


{predicate: exists-predicate  )— 

©i  ©predicate .fml©  =  ©exists_predicate .fml©; 

{predicateiTRUE.TOKEN  )= 

Qi  ©predicat e.f ml©  =  true_S_ptr; 

{predicate:FALSE-TOKEN  )= 

0i  ©predicat e.f ml©  =  false_S_ptr; 


{neg -predicate: NOT  pred-ref)= 

©i  ©neg^predicate.fml©  =  ©pred„ref . f ml®->Not ( ) ; 


IGNORING  MACROS. 

{macro-ref:MACRO-NAME  parameierJist  ^)^)= 

©i  ©parameter^list .inherited_val©  =  new  S_exp_list; 
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{math-predi  cate  .'expression  booleanjmath-operator  expression 


0i  Qmath_predicate.fml®  = 

new  Application(Oboolean_math_operator . strQ, 
Doubleton(Qexpression . 0 . valO , 

(^expression.  1 .  val®))  ; 


[maih^predicaie: simple-expression  EQ-ONE-OF  parameter Jisi 
”)= 


©i  ©paraineter_list . inherit ed_val©  =  new  S_exp_list; 

©i  ©math^predicate.fml©  = 

one_op_many ( ©s imple_  expres  s ion . val© , 

EQ_SIGN, 

©pax3Lmeter_list .  comptited_val©)“>Or() ; 


{boolean-maih-operaiorF=^  )  = 

0i  ©boolean_inath_operator.str©  =  new  Str("=*'); 


{booleanjmath-operaior: 

©i  ©boolean_math_operator .  str©  =  new  Str("REAL_>*’)  ; 


{boolean.math-operator:  Y  )= 

©i  ©boolean_inath_operator ,  str©  =  new  Str('*REAL_<")  ; 


{boolean.math-operator:LESS-OR-EQUAL  }= 

Qi  ©boolecLn_inath_ operator .  str©  =  new  Str("REAL_<=*0  ; 


{boolean-math-operator:GREATER-OR-EQUAL  )= 

©i  ©boolean^math^operator.str©  =  new  Str('*REAL_>=*0 ; 


{boolean-math-operaior:NOT-EQUAL  )= 

0i  ©boolean_math_operator .str©  =  new  Str("REAL_/=") ; 


{state-predicate: simplest aU-paih  INSTATE  STATE-NAME  )= 

©i  ©state_predicate. fml©  =  ©STATE_NAME. as_S_exp©; 
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Boilerplate:  state_list  inherits  the  empty  list.  It  computes  the  list  of  all  states  in  the  sequence  (as 
an  S_exp_list),  and  we  OR  them  together  (that  being  my  current,  tenuous,  understanding  of  the 
semantics) . 

{staie.predicaie:simple.state^paih  INMNEMF  state Jisi 

©i  Ostate^list  .inlierited^exps®  =  new  S_exp_list; 

Qi  ®state_predicate.finl(5  =  Ostate^list . comp_expsO->Or()  ; 

IGNORING  QUANTIFIERS. 

{foralLpredicate:FORALL  LOCAL^VAR.NAME  constant^ref 
\  ’  constant-ref  7’  '  pred-ref)= 

Qi  oral l_predi cate  .f ml®  =  DuiamyFormula; 

{exists-predicate: EXISTS  LOCAL-VAR.NAME  f  constant-ref 
\  ^  constant-ref  7^  ’  pred-ref)= 

®i  ®exists_predicate.fml®  =  DmnmyFormula ; 


7.12  Attributes  for  conditions 

{condition: FO RAIL  LOCAL-VAR-NAME  constant-ref  \  ’  constant-ref 
7^  V  condition  )~ 

®i  ©condition. f ml®  =  DummyFormula ; 


{condition: EXISTS  LOCAL-VAR-NAME  consiani-ref  \  ^  constant-ref 
7^  \  ^  condition  )= 

®i  ©condition. f ml®  =  DummyFormula; 


{condition:TABLE  rowJisi  END  TABLE  )= 

®i  ©condition. f ml®  =  ©row^list .fml_list0->Or() ; 


{condition:TRUE-TOKEN  )= 

®i  ©condition. f ml®  =  true_S_ptr; 


{condiiion:FALSE-TOKEN  )= 

®i  ©condition.fml®  =  false_S_ptr; 


74 


{rowJist:pred-ref  iruih.valueJist  Y)= 

Qrow^list.f midlist®  = 

fonnula_row((Dpred_ref  .fml®,  ®truth_value_list  .tv.listQ)  ; 

(rowJisi:rowJisi  pred.ref  iruih^valueJisi  Y  )= 

Qi  ®row_list = 

ptwise_And(®row_list . 1 .fml.list®, 

fonnula„row((5pred_ref  .fml® , 

©truth_value_list . tv^listQ) ) ; 


(truth^valueJist:iruih^value  }= 

0truth_value_list . tv_list©  =  new  TruthValueList( Strut h_ value .valQ) ; 


{truth jvalueJisi:iruih-value  irutk^valueJist  }= 

Si  Struth_value_list .0. tv_listS  = 

new  TruthValueList (Struth_value . valS , 

Strut h_value_list . 1 . tv^listS) ; 


{truth jvaluei’T^  )= 

Si  St rut h_ value. valS  =  tv_true; 


{truth-value:  )= 

Si  Struth_value . valS  =  tv_false; 


{truth.value:\  '  }= 

Si  Struth_value . valS  =  tv_dont_care; 


7.13  Attributes  for  expressions 

Note:  I’m  dummying  out  the  various  TIME  expressions. 

{Ox  Macros)= 

Smacro  B inary Ap( op, ) 

Si  Sexpression.O. valS  = 

new  Application (new  Str(op), 

new  S_exp_list(Sexpression. 1 . valS,Singleton(Sexpression.2. valS))) ; 
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<9  end 


toacro  UnaryAp(op,) 

Qi  ^expression. 0, valQ  = 

new  Application(new  Str(op), 

Singleton(®expression. 1 . val®)) ; 


Send 


{expression: expression  expression  )= 

BinaryAp("REAL_*'\) 

{expression: expression  expression  )= 

BinaryApC'REAL^/",) 

{expression: expression  expression  )= 

BinaryApC*REAL_+’*,) 

{expression '.expression  expression  )= 

Binary  Ap(**REAL_~'*, ) 

{expression'/-^  expression  %prec  UMINUS  )= 

UnaryAp("REAL_NEG» , ) 

{expression: ’(’  expression 

Oi  Oexpression.O. valO  =  ©expression. 1 .valS; 

{expression: simple^expression  }= 

®i  ©expression. val©  =  ©simple^expression. val©; 

{simple^expression:variablejref)= 

©i  ©simple_expression.val©  =  ®variable_ref . as_S_exp© 

{simple-expression:function-ref)= 

©i  ©simple_expression. val©  =  ©fnnction_ref . val©; 


{simple -expression:  constant  jref)^ 

®simple_expressioii.val®  =  0 const ant _r ef . expQ; 


(simple-expression: LOCAL-  VAR-NAME  )= 

0i  0simple_expression. val®  =  0LOCAL_VAR_NAME. as_S_exp0; 


(simple -expression:  TIME  }= 

0i  0s  imple_  express  ion.  val0  =  DuininyFormula ; 


(simple -expression: TIME  Y’  event-ref  ’)’)= 

0i  0simple_expression, val0  =  DummyFonanla ; 


(simple-expression:TIME  PREV  '('REAL  ')'  event-ref 
’)’)= 

0i  0simple_expression. val0  =  DummyFontiula ; 


(simple-expression:TIME  '('  variable-ref  ')')  = 

0i  0simple_expression. val0  =  DnmmyFormula ; 


(stmple-expression:TIME  '('  ENTERED  STATE.NAME  ')')= 
0i  0siiaple_expression. val0  =  DummyFormula ; 


(function-ref :FUNCTION-NAME  '('  parameterJist  ')')= 

0i  0fnnction_ref . val0  = 

new  Application{0FUNCTION_NAME. str0, 

0paraineter_list .  compnted_val0)  ; 

0i  0paraineter_list . inherit ed_val0  =  new  S_exp_list; 


(parameter-list:) = 

0i  0paraineter_list .  computed_val0  = 

0para2neter_list .  inherit  ed_val0 ; 


(parameterJist:parameter  )= 

0i  0pcLrameter_list .  computed_val0  = 
Singleton(0parcuneter .  val0)  ; 


77 


{parameter Jist:param€ierJisi  \  '  parameter  )~ 

Oparameter_list .O.computed_val©  = 

©pEirameter^list .  1 .  computed_val©; 

©i  ©pairameter.list .  1 .  inherit ed^VcLl®  = 

new  S_exp_list (©parameter .val®, 

©parameter_list . 0 . inherit ed_val©) ; 


{parameter: expression  )= 

©i  ©parameter.val©  =  ©expression. valQ; 


{locaLvarJist:)= 

©i  ©local_var_list .computed^val©  =  ©local^var^list . inherit ed^val©; 


{locaLvarJist:LOCAL^VAR.NAME  )= 

©i  ©local_var_list .computed_val©  = 

Singleton(©LOCAL^VAR_NAME . as^S^exp©) ; 

{locaLvarJist'AocaLvarJisi  \  '  LOCAL^VAR.NAME  )= 

©i  ©loc3Ll_var_list .  0 .  computed_val©  = 

©local__var_list .  1 .  computed_val©; 

©i  ©local_var_list . 1 . inherited_val©  = 

new  S_exp_list (©LOCAL_VAR_NAME . as_S_exp© , 
©local_var_list . 0 . inherited_val©) ; 


7.14  Attributes  for  names 

The  basic  attribute,  assigning  a  Str  to  the  name,  is  computed  during  lexical  analysis.  (See  gramnar .  1.) 

{STATEJ^AME:NAME  )= 

{SYSTEM.NAME:NAME  )= 

{COMPONENT^NAME:NAME  )= 

{EVENT.NAME:NAME  }= 
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(OUTJNTERFACE.NAME:NAME  )= 


(INJNTERFA  CE.NA  ME:NA  ME ) = 
{CONSTANT.NAME:NAME  )= 

{IN-  VAR.NA  ME:NAME  )= 
{OUT.VARJ\LAME:NAME  )= 
{FUNCTION-NAMEiNAME  )= 
{LOCAL-VAR-NAME:NAME  )= 
{MACRO-NAME:NAME  )= 
{TRANSITION-NAME-.NAME  )= 
(TRANSITIONBUS-NAME:NAME  )= 
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Chapter  8 

EVES 


This  chapter  contains  a  partly  filled  in  template  for  integrating  the  EVES  prover.  We  define  two  traversals 
in  order  to  experiment  with  two  different  ways  of  encoding  the  state  hierarchy  into  EVES. 

8.1  Currently  implemented 

In  the  E  translation  we  currently  generate  the  following  EVES  theory: 

•  Unconditional  states  are  declared  as  boolean  constants,  and  axioms  define  the  hierarchy  relation 
(in  particular,  the  ‘In  state”  and  “in  one  of”  predicates). 

•  RSML  constants  are  declared  and  axioms  define  their  initial  values. 

•  RSML  in  variables  are  declared  as  unspecified  real-valued  constants. 

Note  that  RSML  variables  should  really  be  modeled  as  real-valued  functions  of  time. 

•  The  definitions  of  RSML  functions  are  entered  as  axioms. 

Out  variables  are  ignored.  Timeout  events  are  ignored,  and  predicates  referring  to  the  timed  properties 
of  variables  are  dummied  to  the  formula  “false.”  (It  might  be  more  informative  to  dummy  them  as 
distinct  unspecified  constants  with  suitable  mnemonic  names.) 

We  generate  candidate  theorems  corresponding  to  the  following  tests: 

•  The  table  defining  each  rsml  function  is  complete  and  consistent. 

•  The  conditions  for  exiting  from  each  conditional  state  are  complete  and  consistent, 

•  For  each  event,  the  conditions  for  transitions  triggered  by  the  event  are  complete. 
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8.2 


Preliminaries 


The  traversal  for  the  EVES  translation  iseves2  (for  historical  reasons — the  other  EVES  translation 
proved  a  failure). 

{Glohals)^= 
int  eves2  =  0; 


[Travers 

©traversal  ©preorder  eves2 


The  type  of  the  global  state  for  the  translation: 

[Include  files)-\-= 

#iiiclude  *'eves2_state.h** 


In  eves2,  rather  than  do  lots  of  work  generating  axiom  names  that  are  both  unique  and  mnemonic 
we’ll  just  distinguish  them  with  an  integer  suffix.  Calls  to  the  my_eves2_state . suffix  method  will 
successively  return  the  strings  *' _ 1**,  " _ 2*\  etc. 

[Globals)-\-^ 

eves2_state  my_eves2_state; 


The  command  line  argument  choosing  €ves2  is  E: 

[Switches  for  traversals) -\-= 

case  :  eves2  =  1;  breaik; 


Basic  classes  needed  to  define  the  attributes  and  the  traversal  actions  define  s-expressions  and  manipu¬ 
lations  on  them: 

[Include  files) += 

#include  "obj.h" 

#include  'Tist.h" 

#include  **str.h" 

#include  "s_exp.h" 

#include  *'s_exp_utilities  .h" 

#include  *'eves_state .h*‘ 

#include  "misc^utilities  .h** 

#iiiclude  "state_value  .h" 
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8.3  Attribute  declarations 

Currently,  there  are  no  special  eves  attributes. 


8.4  Auxiliary  functions 

The  operation  eves_skeleton2  generates  skeletons  for  noweb  files  that  will  be  used  to  accumulate  an 
eves  theory.  It  will  be  called  if  the  evess  flag  is  set. 

{Function  headers)= 
void  eves2_skeleton() ; 


8-4,l  Printing  axioms 

print. eve s_axiom  prints  an  EVES  rule  which  will  be  put  into  the  noweb  module  named  module. name; 
the  name  of  the  rule  is  name,  its  variable  list  is  vbls,  and  its  body  is  formula. 

{Function  headers)-\-= 

void  print_eves.axiom(char  *kind,  char  *module.name,  Str  *name, 

S^exp.list  *vbls, 

S.exp  ^formula,  FILE  *1); 


{C  Macros)-^— 

#define  pr int .axiom (module.name,  name,  vbls,  formula,!)  \ 

print.eves.axiom(‘*axiom",  module.name,  name,  vbls,  formula,  f) 

#define  print .f rule (module.name,  name,  vbls,  formula,!)  \ 

print.eves.axiom('*frule" ,  module.name,  name,  vbls,  formula,  f) 

#define  pr int .grule (module.name,  name,  vbls,  formula,!)  \ 

print.eves.axiom(**grule",  module.name,  name,  vbls,  formula,  f) 

#define  print .rule (module.name,  name,  vbls,  formula,!)  \ 

pr int. eves.axiom( "rule**,  module.name,  name,  vbls,  formula,  f) 


We  need  an  analogous  operation  for  a  list  of  formulas.  The  limitations  of  print. eves.family:  all  formu¬ 
las  have  to  be  of  the  same  kind  (axiom,  frule,  grule,  etc.),  must  be  inserted  into  the  same  module.name, 
and  all  must  have  the  same  collection  of  top-level  variables  (the  value  of  vbls).  The  names  assigned  to 
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these  axioms  will  be  things  like  *’name_stub _ 36",  "iiaine_stub _ 37",  etc.  You’ll  have  no  control  over 

which  integer;  but  all  will  be  distinct. 

{Function  headers)-\-= 

void  print _eves_family( char  *kind,  char  ♦module^name ,  Str  *na2n€_stub, 

S_exp_list  ♦vbls, 

S_exp_list  midlist,  FILE  *f); 


{C  Macros) 

#define  print_axiom_f ainily(module_naine ,  name^stub,  vbls,  fml_list,f)  \ 

print_eves_fajnily ( "axiom" ,module_name,  name^stub,  vbls,  f midlist, f) 

#define  print_fnile_f ainily(module_name,  name^stub,  vbls,  fml_list,f)  \ 

print_eves_family("frule",module_name,  name.stub,  vbls,  fml_list,f) 

#define  print_grule_f ainily(module_name,  name^stub,  vbls,  fml_list,f)  \ 

print_eves__fainily("grule" ,modiile_name,  name_stub,  vbls,  fml_list,f) 

#define  print_rule_f ainily(modiile_narae,  najne_stub,  vbls,  fml_list,f)  \ 

print_eves_family("rule" ,module_name,  name_stub,  vbls,  fml_list,f) 


And  an  analogous  operation  for  printing  formula  tables.  Right  now  I  don’t  know  how  rich  the  type  of 
formula  tables  will  ultimately  become,  so  I’ll  just  define  an  operation  that  prints  the  tautology  check  for 
formula  tables.  The  tautology  check  for  event  Foo  will  be  printed  as  an  Eves  axiom  named  something 
like  "Foo-event s-not-ignored _ 17" . 

A  first  step  toward  generalizing  this  is  eves_table_check,  which  takes  a  Str  (a  key  in  some  way 
identifying  the  source  of  the  formulas)  and  an  S_exp_list.  It  prints  out  the  check  that  the  sequence  of 
formulas  is  exclusive  and  exhaustive. 

{Include  ^/es)+= 

#include  "f ormula_ table .h" 


{Function  headers)-\-= 

void  eves_taut_check(Str  *eveiit_name,  S_exp  *fml) ; 
void  eves_table_check(Str  ♦key,  S_exp_list  ♦fml_list) ; 


All  the  names  for  the  EVES  formulas  are  generated  in  the  same  way.  The  expected  use  of  the  macro 
EvesChajrName  is  to  replace  x  with  a  string  literal.  The  expected  use  of  the  macro  EvesStrName  is  to 
replace  x  with  a  Str. 
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(C  Macros) -\-= 

#defiiie  EvesStrName(x)  \ 

x-“>append(new  Str(my_eves2_state. suff ix() ) ) 
#defiiie  EvesCharName(x)  EvesStrNameC (new  Str(x))) 


8,4,2  Printing  function  declarations 

print_eves_function_stub  prints  an  EVES  function-stub  in  the  named  module,  with  the  given  name 
and  list  of  variables. 

{Function  headers)-^= 

void  print_eves^fiinction_stub(char  *module_name ,  Str  ♦name, 

S^exp^list  ♦vbls,  FILE  *f); 


If  name  points  to  "Foo",  then  this  function  generates  the  eves  declaration  ( function- stub  Foo  ()). 

{Function  headers)-\-= 
void  declare_in_state(Str  ♦name); 


8.4.3  Printing  tabular  definitions 

{Include 

#include  "f unct ion_def init ion . h** 

#include  *'function_def inition_utilities  .h" 


Given  the  CaseList  parameter  (cl ,  vl) ,  (c2,v2) ,  (c3,v3) ,  this  prints  the  following  family  of  frules; 

cl  ->  name(vbls)  =  vl 
c2  ->  name(vbls)  =  v2 
c3  ->  name(vbls)  =  v3 

Each  rule  is  given  a  name  of  the  form  tabular-def-of-name _ 37. 

{Function  header$)~\-= 

void  print_tabular_def  init  ion  (char  ♦module^name ,  Str  ♦name, 

S_exp_list  ♦vbls,  CaseList  ♦c_list,FILE  *±) ; 


8.4.4  Loading  external  EVES  theories 

To  avoid  yet  another  layer  of  m4  macros  on  top  of  this  one,  we  adopt  the  following  clumsy  way  to  define 
the  theories  to  be  loaded  by  the  theory  we’re  building.  To  load  the  theory  real  we  say 
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{eves  load  theories)— 

printf  (*'(load  real)\n"); 


Another  piece  of  the  preamble,  the  location  of  the  EVES  library,  is  hardwired  by  the  following: 
{eves-library)  = 

printf ("(set-library  \"/home/projects2/FMI/EVES/translator/eves_rsml_library/\")\n") ; 


8.4.5  Commonly  used  C  macros 

{C  Macros)-\-— 

#define  EVES_REAL  new  Application(new  Str("real")) 
#define  EVES^BOOL  new  Application(new  Str("bool")) 


8.4.6  Auxiliary  operations  for  the  eves2  traversal 

The  alternative  or  rules  are  illustrated  as  follows.  First,  a  2-child  or-state.  Given  parent  is  the  OR  of 
child  1  and  child2  we  want  frules  as  follows: 

(not  childl)  ->  parent  =  child2 
(not  child2)  ->  parent  =  childl 

These  would  be  named,  respectively,  childl->paxent=child2  and  child2->parent=childl. 

In  general,  we  do  things  recursively.  For  example,  suppose  parent  is  an  OR  of  childl,  child2,  and 
childS.  We  then  declare  a  function  stub  parent"  1  and  add  the  frules 

(not  childl)  ->  parent  =  parent"! 

(not  parent"!)  ->  parent  =  childl 

(not  child2)  ->  parent"!  =  childS 
(not  childS)  ->  parent"!  =  child2 

Etc. 

First,  we  implement  an  auxiliary  operation  two_child_or_rule  that  simply  generates  the  two  frules 
of  the  two-child  case;  and  then  a  recursive  operation  altemative_or_rules  that  does  the  general  case. 
The  extra  parameters  stub  and  counter  are  used  to  generate  names  for  the  auxiliary  function  stubs 
(stub"l,  stub"2,  . . .)  that  are  declared  along  the  way.  Logically,  the  precise  choice  of  stub  is  irrelevant 
(except  for  avoiding  name  clashes) — the  intended  use  is  that  the  top-level  call  to  alternative_or_rules 
uses  the  Str  value  of  parent  as  its  stub. 

The  output  goes  into  module  ^‘alternative-or  frules” . 
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{Function  headers)+= 

void  two_child_or_rule(S_exp  ♦parent,  S_exp  ♦childl,  S_exp  ♦child2) ; 

void  alternative_or_rules(S_exp  ♦parent,  S_exp_list  ♦chilluns, 

Str  ♦stub,  int  counter); 


8.5  Attribute  definitions 

Currently,  all  attributes  are  defined  in  attribute-def  initions  .nw. 

8.6  Traversal  actions 

Note:  I’m  no  longer  maintaining  the  eves  traversal — and  everything  associated  with  it  should  ultimately 
be  deleted. 

8.6.1  For  system  productions 

(sysiem:SYSTEM  SYSTEM.NAME  component Jist  END  SYSTEM 
SECTION.SEPARATOR  >+= 
aeves2  if  (eves2)  {  eves2_skeleton() ; 

} 


8.6.2  For  the  component  productions 

{component  Jist:)-{-= 


{component Jist:componentJist  component-def)+= 


{componenEdef:COMPONENT  COMPONENT.NAME  ’TEND  COMPONENT 

)+= 


NOTE:  Fm  no  longer  bothering  with  the  eves  traversal. 

To  the  module  for  defining  the  state  hierarchy  we  add  the  axiom  saying  that  the  top-most  state  of  a 
component  (regarded  as  a  Boolean)  is  always  true. 

We  generate  the  tautology  check  for  state  events  and  the  table  check  for  conditional  states. 

{component  ^def'Aong -Case  )+= 
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Qeves2  if  (eves2)  { 

priiit_rule(*'eves-niles  defining  state  hieraxchy”, 
EvesCharNameC "top-level-state*') , 
new  S_exp_list, 

Qcomponent  .def .  in_top_stat  e<2 , 
stdont) ; 

Qtransition_or_transition_bus_def _list . computed_etestsO-> 
do_it  (eves_taut_clieck) ; 

(Dtransition_or_transition3tis_def  _list .  computed_ctests<D-> 
do_it (eves_table_check) ; 

} 

{component  Jocation:COMPONENT^NAME  )-{-= 


{component  Jocation:  EXTERN  A  L  }-f-= 


8.6.3  For  the  state^def  productions 

For  the  case  of  an  OR-state  both  traversals  do  the  following  things: 

•  Declare  the  state  name  as  a  new  constant. 

•  Generate  the  child-parent  and  the  incompatible-or-sibling  frules. 

The  eves2  traversal  generates  the  alternative-or-rules. 

{state.def:OR,STATE^TOKEN  STATE.NAME  DEFAULT  STATE.NAME 
state.charisJist  END  OR^STATE-TOKEN 

®eves2  if  (eves2)  { 

declare_in_st at e (®STATE_NAME . 0 , str® ) ; 

print_frule_family(" child-parent  f rules" , 
new  Str("child-implies-parent") , 
new  S_exp_list, 

<Dstate_def .  children_  imply  ^parent® , 
stdout) ; 

print_frule_f amily("incompatible-or-sib  frules" , 
new  Str("incompatible-or-sibs") , 
new  S_exp_list, 

®state_def . incompat ible_siblings® , 
stdout) ; 
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alteniative_or_rules(©state_def  .paxent_as_S_exp(S, 
(Dstate^def .  cliildren_as_S_exps® , 

ESTATE  JAME.str®, 

1); 

} 


In  the  case  of  an  AND-state  we  traversals: 

•  Declare  the  state  name  as  a  new  constant. 

•  Generate  the  child-parent  and  the  parent-implies-children  rules. 

(staie^def:AND^STATE^TOKEN  STATE^NAME  siate^chartsJisi 
END  AND^STATE.T0KEN)A= 

Qeves2  if  (eves2)  { 

declare_in_state(®STATE„NAME.  str<D) ; 

print_frule_fainily("child-pcLrent  f rules'* , 
new  Str("child“implies“parent") , 
new  S_exp_list, 

(2state_def .  ch  ildren_  imply  ^parent©, 
stdout) ; 

print^f  rule  ("parent-implies-children  f  rules" , 

EvesCharNameC "parent-implies-children") , 
new  S_exp_list, 

(Ostat  e_def .  parent_implies_childrenO , 
stdout) ; 


> 

OR- arrays  of  states  are  not  supported. 

{state.def.OR^RRAY  STATE.NAME  ’[’INTEGER  ’]’  ’:’  state.chartsJist 
END  OR.ARRAY)+= 


AND-arrays  of  states  are  not  supported. 

{state.def:AND.ARRAY  STATE.NAME  ’[’INTEGER  ’]’  ’:’ state.charts  list 
END  ANDORRA  Y  )+= 
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We  declare  the  names  of  atomic  states  as  constants. 


{siaie.def:ATOMIC  STATE^NAME 

0eves2  if  (eves2)  { 

declare_in_state(@STATE_NAME.O.  strtS) ; 

} 


Conditional  states  do  not  figure  in  the  hierarchy,  as  they’re  not  real  states  -  you’re  never  actually  in 
one,  so  we  declare  nothing  and  generate  nothing. 

{stat€^def:CONDITIONAL  STATE.NAME  ’;’)+= 


State  charts  lists  are  not  supported. 

{staie-chartsJist:staie.def)-\-= 


{siate^charisJisi:siai€-charisJisi  $iaie^def)+= 


8.6.4  For  the  constants  productions 

Declare  the  RSML  constant  as  an  EVES  constant  and  add  its  defining  equation  as  a  rewrite  rule. 

Note  1:  Once  we  set  of  a  suitable  real-number  theory  in  EVES,  we  will  presumably  want  to  add  the 
assertion  that  the  constant  really  does  belong  to  the  type  real. 

Note  2;  For  the  puporses  of  automatic  checking  we  will  presumably  want  to  rewrite  constants  to 
their  literal  values — but  when  checking  fails,  this  may  not  be  the  most  helpful  thing. 

{consiant.def:CONSTANT  CONSTANT.NAME  VALUE  REAL 
END  CONSTANT  )-\-= 

Qeves2  if  (eves2)  {. 

print_eves_f unct ion^stub ( 

*’rsml-constcait  decls” , 

<DCONSTANT_NAME .  strQ , 
new  S_exp_list, 
stdout) ; 


print_rule( 

**eves“rules  for  rsml  constants”, 
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EvesStrNameC 

(new  Str ("def -const ant-*' )  )-> 
append(®CONSTANT_NAME. strQ) ) , 
new  S.exp^list, 

OCONSTANT.NAME . as_S^expO-> 

Equals (new  RealLiteral (®REAL . valQ) ) , 
stdout) ; 


> 


{consiant.def:CONSTANT  CONSTANT.NAME  VALUE  ’-’REAL 
END  CONSTANT  )-^= 

(9eves2  if  (eves2)  { 

print_eves_fTinction_stub( 

"rsml-constant  decls", 

®CONSTANT^NAME . str® , 
new  S_exp_list, 
stdout) ; 

print_rule( 

"eves-rules  for  rsml  constants**, 

EvesStrNaine( 

(new  Str('*def-constant-")  )“> 
append (®CONSTANT_NAME . str®) ) , 
new  S_exp_list, 

®CONSTANT_NAME . as_S^exp®-> 

Equals (new  Application ( 
new  Str(**“**), 

new  S_exp_list(new  RealLiteral(®REAL, val®) ) 

) 

), 

stdout) ; 


} 


{consiani^ref:CONSTANT.NAME  )+= 


{constant  _defJist:)-\-~ 
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8.6.5  For  the  variables  productions 

For  now,  the  only  actions  we  need  to  take  are  to  declare  in  variables  and  out  variables  as  unspecified 
constants.  (As  elsewhere  noted,  these  variables  are  logical  constants  properly  modeled  as  maps  from 
time  to  real  values;  but  for  now  I’ll  just  make  them  unspecified  real-valued  constants.) 

{in^variable^def:IN.VARIABLE  IN^VAR^NAME  TYPE  NUMERIC 
expected ^min  expecied^max  min.gran  max.gran  END  IN.VARIABLE 
)+= 


(2eves2  if  (eves2)  { 

print„eves_fiinctioii_stub( 

"eves-function-declarations*' , 
OIN^VAR^NAME.strQ, 
new  S_exp_list, 
stdout) ; 

print_grule( 

"eves-axioms  for  model*', 

EvesStrNameC 

(new  Str("type-of-**))~> 
append(®IN^VAR^NAME. str®) ) , 
new  S_exp_list, 

(new  Application(new  Str("type-of ") , 

Singleton(®IN^VAR_NAME , as_S_exp® ) ) ) -> 
Equals (EVES^REAL) , 

stdout) ; 

> 


{oui.variable^def:OUT^VARIABLE  OUT^VAR^NAME  TYPE 

NUMERIC  expected^min  expecied-max  min.gran  max^gran  ASSIGNMENT 
expression  TRIGGER  event. ref  END  OUT.VARIABLE  )-{-= 

®eves2  if  (eves2)  { 

print_eves_function_stub( 

"eves-function-declarations" , 
0OUT_VAR^NAME . str® , 
new  S_exp_list, 
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stdout) ; 


priiit_grule( 

"eves-axioms  for  model", 

EvesStrName( 

(new  Str("type-of “"))“> 
append ((50UT_VAR_NAME,  St rO) )  , 
new  S_exp_list, 

(new  Application(new  Str("type-of ") , 

Singleton((50UT^VAR_NAME .  as.S^expQ)  ) )  -> 
Equals (EVES.REAL) , 

stdout) ; 


} 

{expected  jmin:)-\-~ 

(expected^min:EXPECTEDMIN  ’P  REAL  )+= 

{ expect  ed-m  ax:)  A- = 

{expected.max:EXPECTED^MAX  REAL  )-f= 
{min.gran:)~\-= 

{min.graniMIN.GRAN  REAL  }+= 
{7nax^gran:)-\-^ 

{max^gran:MAX.GRAN  REAL  )+= 
{in^variahle^ref-JN^  VAR^NAME  )+= 
{out-variable.ref:OUT^VAR-NAME  }+= 
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{in-variahle,ass:IN-VAR^NAME  )-f= 


{oui.variahle.ass:OUT.VAR-NAME  }+= 
{in^variable.defJisi:)+= 

{in^variab!e^defJisi:in.variable-defJisi  in^variable^def 

)+= 

(out^variable-d€fJisi:)-\-= 

{oui.variable.defJist:oui^variabl€^defJisi  ouijvariable.def 

>+= 

{in-variableJisi:)-\-= 

(in.variableJist:in-variable-ass  )+= 
{in-variableJisi.in^variableJisi  \  ’  in^variable^ass  )-f^ 
{variable:  oui^variablejref 
{variable:injvariable,ref)'\-= 

{variable^ref:PREV  ’('REAL  in^variable^ref)-\-^ 
{variable^ref.'in^variable.ref)-^^ 

8-6*6  For  the  events  productions 

This  code  is  for  diagnostics  and  testing. 
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{Include  files)-{-= 

#iiiclude  "  event _value_ut ilit ies  .h*' 


{event  ^defJist:)-\~= 

0eves2  if  (eves2)  { 

/* 

printf( "event _def_list  with  empty  child\n") ; 
printf ("Inherited\n") ; 

print _EventValueList(^event.def_list . inher it ed_e vents®) ; 
printf ("CompntedVn") ; 

print^EventValueList (®event_def_list , computed,,  events®) ; 

*/ 

} 


{eveni-defJisiievenLdefJist  eveni.def  }+= 

®eves2  if  (eves2)  { 

> 


{eveni.def: EVENT  EVENT^NAME  STATE  Y)-\-= 

®eves2  if  (eves2)  { 

> 


{eveni.def:EVENT  EVENT^NAME  VARIABLE  V')+= 

®eves2  if  (eves2)  { 

> 


{evenEdef:EVENT  EVENT.NAME  INTERFACE  V'  >+= 

®eves2  if  (eves2)  { 

> 


{eveni.ref:EVENT.NAME  )+= 

®eves2  if  (eves2)  { 

> 
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{eveniJisi:)-\-~ 

0eves2  if  (eves2)  { 

> 


{event  Ji$i:ev€nt^ref  )-\-= 

®eves2  if  (eves2)  { 

} 


{eveniJist:eventJist  event^ref  )-\-= 

<0eves2  if  (eves2)  { 

> 


8.6.7  For  the  interfaces  productions 

8.6.8  For  the  macros  productions 

8.6.9  For  the  functions  productions 

{funciion^defJisi:)-{-= 

Qeves2  if  (eves2)  { 

} 


{funciion.defJisi:function^defJist  funciion.def  )+= 
Qeves2  if  (eves2)  { 

> 


{function.def:FUNCTION  FUNCTION.NAME  ’C  locaLvarJist 

RETURN  CASE  caseJisi  END  CASE  END  FUNCTION 

)+= 

0eves2  if  (eves2)  { 

print_eves_function_stub( 

*'eves-rsml  function  decls", 
®FUNCTION^NAME . str© , 
©local_var_list . computed_val©, 
stdout) ; 

print _tabulax_def inition( 
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”eves-rsml  fimction  definitions”, 

OFUNCTION^NAME . strO , 

01ocal_var_list . computed_val©, 

(9case_list .  comput  ed^valO , 
stdont) ; 

print_axiom( 

”rsml-f unctions  well-^def ined” , 

EvesStrNameC 

(DFUNCTION_NAME.  str®~> 
append(new  StrC'-cases-exclusive”) ) ) , 
<31ocal_Vcur_list .  computed_val(5, 
mutual_exclusion( 

condition_list  ((8case_list .  computed_val®) 
)~>And(), 

stdout) ; 
print_axioin( 

”rsml-f unctions  well-defined”, 

EvesStrNajne( 

©FUNCTION.KAME .  str(a-> 
append (new  Str(”-cases-exhaustive”) ) ) , 
©locals var_list . computed_val© , 
condition^list (©case_list . comput ed_val©) ->0r ( ) , 
stdout) ; 


> 


{case Jisi: case  )+= 

©eves2  if  (eves2)  { 

> 


{case  Jisi:  case  Jisi  case  }-f= 

Qeves2  if  (eves2)  { 
} 


{case: expression  IF  pred-ref  V’  }+= 
®eves2  if  (eves2)  { 
> 
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8.6.10  For  the  transition  busses  productions 

8.6.11  For  the  transitions  productions 

8.6.12  For  the  predicate  productions 

8.6.13  For  the  conditions  productions 

8.6.14  For  the  expressions  productions 

8.7  Bodies  of  auxiliary  functions 


Because  this  text  is  being  run  through  notangle  any  module  brackets  which  are  to  appear  in  the  notangled 
code  must  be  escaped  with  @-signs. 


8.7, 1  eves2_skeIeton 

The  skeleton  is  generated  in  a  somewhat  roundabout  way:  We  use  notangle  to  store  the  contents  of 
module  ’'eves  skeleton”  in  a  file  called  _eves_skeleton.  Then  eves2_skeleton  uses  the  function  grab 
to  read  this  file  and  return  it  as  part  of  the  act  of  generating  the  skeleton.  The  reason  for  this  deviousness 
is  to  keep  the  documentation  for  the  skeleton  under  control  of  no  web.  The  alternative  would  be  to  fill 
the  body  of  eves2_skeleton  with  an  eye-glazing  accumulation  of  printf  or  fprintf  statements. 

The  top-level  outline: 

{eves  skeleton)= 

«♦»= 

«€ves“library» 

«eves“load  theories» 

«eveS“function-“declarations» 

«eves“axioms  for  model» 

« eves -candidate  theorems» 


EVES  function  declarations 
(eves  skeleton)-]-— 

«eves-f  nnct  ion-declarat  ions»= 
«in-state  decls» 
«rsml-constant  decls» 
«eves-rsml  function  decls» 


Axioms 
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{eves  skeleton)~\-~ 

« eves -axioms  for  model»= 

«eves-rules  defining  state  hierarchy» 
«eves-rules  for  rsml  constants» 
«eves-rsml  function  definitions» 

Axioms:  state  hierarchy 
{eves  skeleion)-\-~ 

«eves-mles  defining  state  hierarchy»= 
«child-parent  friiles» 
«parent-iraplies-children  frules» 
«incompatible“or-sib  frules» 
«alternative-or  frules» 


Candidate  theorems:  events  not  ignored,  functions  well-defined,  conditional  states  well-defined 
{eves  skeleton)-\-^ 

«eves-candidate  theorems»= 

«  event  s-“not-ignored» 

«conditional-states-w€ll-defined» 

«rsml“functions  well-def ined» 


Boilerplate: 

{eves  skeleion)-\-~ 

«in-“State  decls»= 

«rsml- constant  decls»= 

«eves-“rsml  function  decls»= 
«eves-rules  for  rsml  constants»= 
«eves-rsml  function  def initions»= 
«child-parent  frules»= 
«parent-implies-children  frules»= 
«incompatible-or-sib  frules»= 
«alternative-or  frules»= 
«events-not-ignored»= 

«condit  ional-s  tat  es -well-def  ined»= 
«rsml -functions  well-def ined»= 


{Include  files)-[-^ 

#include  "skeleton^utilities .h" 
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(Bodies)+= 

void  eves2_skeleton(){ 

grab("_eves_skeleton",stdout) ; 

//  Setting  library 

print  f  ( '•  \n«eves-l  ibrary»=\n"  ) ; 
(eves-library) 

/ /  Loading  theories 

printf  ("\n«eves-load  theories»=\n") ; 

{eves  load  theories) 


>: 


8.7,2  priiit_eves_axiom 

{Bodies)+=  . 

void  print_eves_axiom(char  *kind,  char  *module_name,  Str  *nanie. 

S_exp_list  *vbls,  S_exp  *formula,  FILE  *f){ 

fprintf  (f ,  ’•\n«y,s»=\n" ,  module.name)  ; 
fprintf(f ,*'(•/, s  Xs  (",  kind,  naiiie->str) ; 
if  (!  vbls->isEiapty())  {vbls->eves_print(f ) ;> 

fprintf (f , ")\n\t") : 
formula->eves_print(f ) ; 
fprintf (f,")\n"); 


8.7.3  print  _eves_family 

(Bodies) += 

void  print_eves_faiBily(char  *kind,  char  *inodule_ncime ,  Str  *name_stub, 

S_exp_list  *vbls, 

S_exp_list  *fml_list,  FILE  *f){ 

while  (!  fml_list->isEinpty()  &&  finl_list  !=  NULL  ){ 
print_eves_axioin(kind,  inodule_naine , 

EvesStrNaine(ncime_stub)  , 
vbls,  fral_list->head() ,  f); 
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> 

}; 

8.7.4  eves^taut^check 

{Bodits)-\~= 

void  eves^t aut .check (Str*  event .name,  S.exp*  fml){ 

Str  *name_stub  =  new  Str(**eventS’'not-ignored~‘*) ; 

print.axiomC' event s-not~ignored” , 

EvesStrNameC  (n2ime.stub->append(  event  .name)  )  )  , 
new  S.exp.list,  fml,  stdout); 

>; 


8.7.5  eves_table_check 

{Include  files)-\-= 

#include  **s_exp.utilities  .h” 


{Bodies)-\-= 

void  eves.table.check(Str  *key,  S.exp.list  ♦fml.list){ 

Str  ^exhaustive  =  new  StrC^cond-state-exhaustive-") ; 

Str  ^exclusive  =  new  Str(*'cond-state-exclusive-") ; 

print.axiom("conditional-states-well-def  ined'*, 

EvesStrName( (exhaust ive”>append (key) ) ) , 
new  S.exp.list, 

(new  S.exp.list)->Or() , 

/*  fml.list->Or() ,  ♦/ 
stdout) ; 

print.axiom("conditional-states-well"-defined", 

EvesStrName ( (exclusive->append(key) ) ) , 

new  S.exp.list,  mutual.exclusion(fml.list)->And() ,  stdout); 


>; 
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8.7.6 


print^eves^functionjstub 

{Bodies) 

void  priiit_eves_fimctioii_stub(chax  *module_name,  Str  ♦name, 

S_exp_list  ♦vbls,  FILE  ♦!){ 

f print! (f ,  “\n«*/,s»=\n*‘ ,  module^name)  ; 
fprintf  (f  ,'*(function“Stub  '/.s  (“  ,naine->str)  ; 
vbls->eves_print(f ) ; 
f print!  (f  ,'*)  )\n*' ,  najne->str)  ; 

>; 


8.7.7  declare_in_state 

{Bodies)-\-~ 

void  declare_in_state(Str  ♦naine){ 

print_eves_!imction_stub(**in~state  decls**,  ncime, 

new  S_exp_list,  stdout); 

>; 


8.7.8  print^tabular  ^definition 

{Bodies)-\-= 

void  print_tabular_de!init ion (char  *modnle_name,  Str  ♦name, 

S_exp_list  ♦vbls,  CaseList  ♦c_list,FILE  ♦!){ 


Str  ♦name_stub  =  (new  Str(“tabiilar-de!-’o!-"))->append(name) ; 


print_!rule_!amily  (module_name , 
name_stiib, 
vbls, 

as_S_exp_list (enlist , 

new  Applicat ion (name, vbls) ) , 


>; 


8.7.9  declare_disjoin 

(Bodies) += 
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void  declare_disjoiii(iiit  arity){ 

S_exp_list  *argiiinents  =  new  S_exp_list() ; 

Str  ^disjoin  =  new  Str (decorate ( **disj oin"  ,arity)  )  ; 
Str  ♦argn; 


for  (int  i  =  arity;  i  >=1;  i — ){ 
argn  =  new  Str(decorate(**arg‘* ,  i))  ; 

arguments  =  new  S_exp_list  (new  Variable ( argn)  ,  arguments )  ; 

} 

print_eves^function_stub(*'disjoin  operators",  disjoin, 
arguments,  stdout); 

>; 


8.7.10  two  -child.or  _rule 

Recall  that  EQ_SIGN  has  been  defined  as  a  pointer  to  Str(”=:”) 

void  two_child_or_rule(S_exp  ^parent,  S_exp  ♦childl,  S^exp  *child2)-C 

Str  *cLrrow  =  new  Str("->")  ; 

Str  ♦not  =  new  Str ("not-"); 

Str  ♦first .name  =  not->append(childl->PConnName() )-> 
app  end ( arrow ) -> 

append(parent->PConnName())->append(Eq.SIGN)-> 
append(child2->PConnName()) ; 

Str  ♦second.name  =  not->append(child2->PConnName() )-> 
append (arrow) -> 

append(parent->PConnName())->append(EQ.SIGN)-> 
append(childl->PConnNcLme()) ; 

print.f rule("a2temative-or  frules" , 
first. name, 
new  S.exp.list, 

childl->Not  (  )  -Mmplies  (parent ->Equals  ( child2)  )  , 
stdout) ; 

print .frule("alternative-or  frules” , 
second.name. 
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new  S_exp_list, 

child2~>Not()->Implies(parent->Equals(childl)) , 
stdont) ; 


8.7.11  alternative.orjrules 

[Bodies)-^— 

void  alternative_or_rules(S_exp  ^parent,  S_exp_list  *chillxuis, 

Str  *stub,  int  counter)! 

int  nmn^chilluns  =  chilluns->length() ; 

S_exp  ♦childl  =  chilluns“>head() ; 

Str  *childl_naine  =  childl->PConnNaine() ; 

Str  ♦parent^name  =  parent-“>PConnNa2ne() ; 

if  (nuin_ Chilians  ==  1) 

{print_rule(*'alternative-or  f rules** , 

parent_naiae->append(EQ_SIGN)->append(childl_name) , 
new  S_exp_liGt, 
parent->Equals(childl) , 
stdout) ; 

return ;  } 

S_exp_list  ♦tail  =  chilluns“>tail() ; 

S_exp  ♦child2  =  tail*“>head() ; 

Str  ♦child2_naine  =  child2“>PConnName()  ; 

if  (num_chilluns  ==  2) 

{two_child_or_rule (parent ,  childl ,  child2)  ; } 
else 

{Str  ♦next_fn_naiae  = 

new  Str  (decorat  e(stub~>append(""'*')->str,  counter)  )  ; 

S_exp  *next_fn  =  new  Application(next_fn_naiae) ; 

print_eves_function_stub(**alternative-or  f rules** , 

next_f n_name , 
new  S_exp_list, 
stdout) ; 

two_child_or_rule (parent , childl , next _fn) ; 
alternative_or_rules (next _fn, tail, stub, count er+1) ;]• 
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Chapter  9 

PVS 


This  chapter  contains  a  partly  filled  in  template  for  integrating  the  PVS  prover. 


9.1  Currently  implemented 

In  the  p  translation  we  currently  generate  the  following  PVS  theory: 

•  Unconditional  states  are  declared  as  boolean  constants,  and  axioms  define  the  hierarchy  relation 
(in  particular,  the  “in  state”  and  “in  one  oP  predicates). 

The  following  theory  is  generated  for  EVES  in  the  E  traversal,  and  should  be  immediate  PVS: 

•  RSML  constants  are  declared  and  axioms  define  their  initial  values. 

•  RSML  in  variables  are  declared  as  unspecified  real-valued  constants. 

Note  that  RSML  variables  should  really  be  modeled  as  real- valued  functions  of  time. 

•  The  definitions  of  RSML  functions  are  entered  as  axioms. 

Out  variables  are  ignored.  Timeout  events  are  ignored,  and  predicates  referring  to  the  timed  prop¬ 
erties  of  variables  are  dummied  to  the  formula  “false.”  (It  might  be  more  informative  to  dummy  them 
as  distinct  unspecified  constants  with  suitable  mnemonic  names.) 

We  generate  candidate  theorems  corresponding  to  the  following  tests: 

•  The  conditions  for  exiting  from  each  conditional  state  are  complete  and  consistent. 

•  For  each  event,  the  conditions  for  transitions  triggered  by  the  event  are  complete. 

The  E  traversal  also  generates  the  assertion  saying  that  the  table  defining  each  rsml  function  is 
complete  and  consistent. 
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9.2  Preliminaries 

The  flag  coding  the  name  of  the  PVS  traversal  is  pvs. 

{Globals)-\-= 
int  pvs  =  0; 


pvs  is  declared  as  a  traversal  by  an  Ox  traversal  declaration: 

(Traversals) += 

©traversal  ©preorder  pvs 


The  type  of  the  global  state  for  the  translation: 

(Include  files)’i~= 

#inclTide  *'pvs_state  .h" 


The  variable  representing  the  state  is  pvs_state: 
( Globals) 

pvs_state  my_pvs_state; 


The  command  line  argument  choosing  this  traversal  is  *p* 

(Switches  for  traversals) += 
case  ^p^  :  pvs  =  1;  break; 


Basic  classes  needed  to  define  the  attributes  and  the  traversal  actions: 

(Include  files)-{-~ 

#include  *'pvs_types  .h" 


9.3  Attribute  declarations 

All  the  “basic”  attributes  are  declared  in  attribute-declaLrations  .nw.  This  section  contains  the 
declarations  of  applications  specific  to  a  particular  translation.  The  attributes  defined  for  the  grammar 
symbol  “BAR”  go  in  the  module  “BAR  attributes”.  The  list  of  all  possible  attribute  modules  can  be 
found  in  the  file  attribute_modules .nw. 
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9.4  Auxiliary  functions 

9.4.1  Printing  constant  declarations 

PVS  constant  declarations  can,  in  general,  be  pretty  complicated,  and  there  are  many  equivalent  forms 
for  providing  the  same  definition.  For  example, 

g(x:iiit):int  =  x+1 

is  equivalent  to 

g  :  [int  ->  int] 

g:  AXIOM  g  =  (LAMBDA  (x:int):  x+1) 

and  also  equivalent  to 

x:  VAR  int 
g(x) : int  =  x+1 

For  present  purposes  I’ll  '"normalize”  all  definitions  into  the  second  form,  so  that  the  declaration 
itself,  which  occupies  the  first  line,  simply  associates  a  name  with  a  type  expression  (and,  for  now,  the 
type  of  type  expressions  will  be  dummied  out  to  Str.  Thus  we  have 

{Function  head€rs)-\-= 

void  print_pvs_const_decl(char  ♦module^name,  Str  ♦name, 

PVS.type^exp  ♦type.exp,  FILE  ♦!); 


This  puts  the  declaration  name  :  type^exp  into  the  noweb  module  “module_name.” 
Following  the  pattern  used  for  EVES,  we  specialize  the  preceding  function  to 

{Function  headers)-\-^ 
void  pvs_declare_in_state(Str  ♦name); 


which  declares  *iiaine  as  a  boolean  constant  and  puts  its  declaration  into  the  noweb  module  “pvs-in-state 
decls”. 

9.4.2  Printing  formulas 

print_pvs_fonnula  prints  a  PVS  formula  which  will  be  put  into  the  noweb  module  named  module_name; 
the  name  of  the  rule  is  name  and  its  body  is  formula. 

{Function  headers)+= 

void  print_pvs_formula(char  *kind,  char  *module_name,  Str  *name, 

S_exp  ^formula,  FILE  *f ) ; 
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{C  Macros)+= 

#define  priiit_pvs_axiom(module_name ,  name, formula,!)  \ 

print_pvs_f ormula(”axiom’*  ,module_name ,  name , formula , f ) 


#define  print_pvs_theorem(module_name,  name,! ormula,f )  \ 

print_pvs_formula( "theorem" , module^name ,  name , formula , f ) 


As  in  the  EVES  case,  print_pvs_f  amily  is  the  analogous  operation  for  list  of  formulas.  Limitations  (as 
in  the  EVES  case):  all  formulas  of  the  same  kind  (theorem,  axiom,  etc.)  and  all  inserted  into  the  same 

module_name.  The  names  will  be  things  like  "name_stub _ 36",  "name_stub _ 37",  etc.  You’ll  have  no 

control  over  which  integer;  but  all  will  be  distinct. 

{Function  headeTs)-\-= 

void  pr int_p vs .family (chcLT  *kind,  char  ♦module.name,  Str  *name.stub, 

S.exp.list  *fml.list,  FILE  ♦!); 


{C  Macros) 

#define  print.pvs.axiom.f amily(module_name,  name.stub,  f ml. list,!)  \ 
print.pvs.f amilyC'ajciom" ,module.name,  name. stub,  f ml. list,!) 

#define  print.pvs.theorem.f amily(module_name,  name. stub,  f ml. list,!)  \ 
print.pvs.familyC" theorem", module.narae,  name. stub,  fml.list,!) 


And  an  analogous  operation  for  printing  formula  tables.  Right  now  I  don’t  know  how  rich  the  type  of 
formula  tables  will  ultimately  become,  so  I’ll  just  define  an  operation  that  prints  the  tautology  check  for 
formula  tables.  The  tautology  check  for  event  Foo  will  be  printed  as  a  PVS  theorem  named  something 
like  "Foo.tautology.check _ 17". 

{Include  files)-\-= 

#include  "formula. table . h" 


{Function  headers) += 

void  pvs_taut.check(Str*  event .name,  S.exp*  fml) ; 


All  the  names  for  the  PVS  formulas  are  generated  in  the  same  way.  The  expected  use  of  the  macro 
EvesCharName  is  to  replace  x  with  a  string  literal.  The  expected  use  of  the  macro  EvesStrName  is  to 
replace  x  with  a  Str. 
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{C  Macros)-\-~ 

#define  PvsStrName(x)  \ 

x->append(new  Str(iay_pvs_state . suf f ix() ) ) 
#define  P  vs  Char  Name  (x)  PvsStrName((iiew  Str(x))) 


9.4,3  PVS  skeleton 

The  skeleton  of  a  noweb  file  whose  tangling  will  accumulate  the  translation: 

{Function  headtrs)-{-^ 

void  pvs_skeleton() ; 


9.5  Attribute  definitions 

Currently,  all  attributes  are  defined  in  attribute-def  initions  .nw. 

9.6  Traversal  actions 

9.6.1  For  the  production  system 

The  system  name  is  the  name  of  the  top-level  PVS  theory. 

{system-.SYSTEM  SYSTEM.NAME  component. list  END  SYSTEM 

SECTION.SEPARATOR  )+= 

Opvs  if  (pvs)  { 

pvs^skeletonO  ; 

printf  ('*\ii«system  name»=\n*’) ; 

®SYSTEM_NAME .  strO->priiit  (  stdout )  ; 

} 

9.6.2  For  the  component  productions 

{component  Jisi:)-\-= 

{component  Jisi: component Jist  componeni^def  )+= 
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To  the  module  for  defining  the  state  hierarchy  we  add  the  axiom  saying  that  the  top-most  state  of  a 
component  (regarded  as  a  Boolean)  is  always  true. 

We  generate  the  tautology  check  for  state  events. 

STILL  TO  DO:  Generate  the  table  check  for  conditional  states. 

{componeni.def:COMPONENT  COMPONENT.NAME  END  COMPONENT 

)+= 


{component-def: long, case  )+= 

(9pvs  if  (pvs)  { 

pr int _p vs _ax iom ( 

"pvs-rules-def ining-state-hierarchy" , 
PvsCharNcune("in_top_state'*) , 

CD  component  _def .  in_top_state® , 
stdont) ; 


> 


Qtransition_or_transition_bns_def _list . computed_etests(0-> 
do_it (pvs_tant_check) ; 


( CO  mp  oneniJocation:  COMP  ONEN  T,N A  ME  )  -{- = 


{component  Jocaiion:  EXTERN  A  L  )-!-= 


9.6.3  For  the  states  productions 

{siaie^def:OR^STATE^TOKEN  STATE^NAME  DEFA  ULT  STATE^NAME 
'P  staie-charisJisi  END  ORSTATEPTOKEN  )+= 

Opvs  if  (pvs)  { 

pvs_declcLre_in_stat e (®STATE_NAME .  0 .  strO)  ; 

print_pvs_axiom_f  amily("pvs''Child’*parent  rules" , 
new  Str(" child. implies_parent") , 

(Dstat  e.def .  children.imply.parent® , 
stdout) ; 

print.pvs_axiom("pvs-parent-implies“Children  rules" , 
PvsCharName ( "or.parent. implies. children" ) , 
®stat e.def . parent. implies. children® , 
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stdont) ; 


print.pvs_axiom_f  ainily("pvs-iiicompatible-or--sib  rules” , 
new  Str(”incorapatible_or_sibs'') , 

(Ostate_def .  incoinpatible_siblingsQ, 
stdout) ; 

printf (”\n") ; 

} 


In  the  case  of  an  AND-state  we  do  the  following  things: 

•  Declare  the  state  name  as  a  new  constant. 

•  Generate  the  child-parent  and  the  parent-implies-children  rules. 

{staie^def:AND.STATE^TOKEN  STATE.NAME  state^chartsJisi 
END  AND^STATE-TOKEN  )+= 

®pvs  if  (pvs)  { 

pvs_declare_in_stat e (OSTATE^NAME . 0 . str® ) ; 

print _pvs_axiom_fainily(”pvs-child-paxent  rules” , 
new  Str(”child_implies_parent”) , 

®state_def .  children_iinply_parent® , 
stdout) ; 

print _pvs_sLxiom(”pvs~parent”implies-children  rules” , 
PvsCharNanie(”and_parent_implies_children”) , 
®stat  e_def .  par  ent_iinplies_  children® , 
stdout) ; 


} 


OR-arrays  of  states  are  not  supported. 

{state.def:OR-ARRAY  STATEJfAME  ’[’INTEGER  ’]’  ’:’  state-charts  Jist 
END  OR.ARRAY)+= 


AND-arrays  of  states  are  not  supported. 
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{siaie^def:AND-ARRAY  STATE^NAME  f  INTEGER  f  staie.chartsJisi 
END  AND.ARRAY)-\-= 


We  declare  the  names  of  atomic  states  as  constants. 
{siate,def:ATOMIC  STATE.NAME 
®pvs  if  (pvs)  { 

pvs_declare_iii_state(®STATE_NAME .  0 .  str®)  ; 

} 


Conditional  states  do  not  figure  in  the  hierarchy,  as  they’re  not  real  states  -  you’re  never  actually  in 
one,  so  we  declare  nothing  and  generate  nothing. 

(siate.def:CONDITIONAL  STATE-NAME  ’;’)+= 

State  charts  lists  are  not  supported. 

{staie-charisJist:siat€-d€f)-\-~ 

{state -charisJist:siate-charisJist  siate-def  )+= 


9.6.4  For  the  constants  productions 

NOTE:  constant  declarations  and  definitions  are  done  for  EVES. 

9.6.5  For  the  variables  productions 
NOTE:  variable  declarations  are  done  for  EVES. 

9.6.6  For  the  events  productions 

9.6.7  For  the  interfaces  productions 

9.6.8  For  the  macros  productions 

9.6.9  For  the  functions  productions 

NOTE:  RSML  function  declarations  and  definitions  are  done  for  EVES. 
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9.6.10  For  the  transition  busses  productions 

9.6.11  For  the  transitions  productions 

9.6.12  For  the  predicate  productions 

9.6.13  For  the  conditions  productions 

9.6.14  For  the  expressions  productions 

9.7  Bodies  of  auxiliary  functions 

Because  this  text  is  being  run  through  notangle  the  module  brackets  which  are  to  appear  in  the  printed 
code  must  be  escaped  with  ©-signs. 

9.7.1  pvs^const-decl 

{Bodies)-{-^ 

void  print_pvs_const_decl(cliax  ♦module^name ,  Str  ♦name, 

PVS„type_exp  ♦type^exp,  FILE  ♦!){ 
fprintf  (f  ,  "\n«%s»=\n"  ,  module^name)  ; 
fprintf  (f  ,"y,s  :  name~>str)  ; 

type_exp->print(f ) ; 
fprintf  (f  ,**\n”) ; 

}; 


9.7.2  pvs_declare_in_state 

{Bodies)-\-= 

void  pvs_declare_in_state(Str  ♦naine){ 

pr int^pvs_const^decl ( "pvs-in-stat e  decls " , name ,  PVS^bool ,  stdout )  ; 

>; 

9.7.3  print_pvs_formula 

{Bodies)-\-= 

void  print_pvs^formnla(char  ♦kind,  char  ♦modTile_name ,  Str  ♦name, 

S_exp  ♦formula,  FILE  ♦f)! 

fprintf  (f ,  ”\n«y,s»=\n** ,  modal e_name)  ; 
name““>print(f )  ; 
f  printf  (f ,  :  y,s  ",  kind); 
formula->pvs_print(f ) ; 
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fprintf (f ,"\n"); 

>; 


9.7.4  print  _pvs_family 

{Bodits)^^ 

void  print_pvs_f cLmilyCchcir  *kind,  char  ♦roodule_naine,  Str  *naine_stub, 

S_exp_list  FILE  *f){ 

while  (!  fml_list~>isEmpty()  &&  fml^list  !=  NULL  ){ 
print  _p  vs  _axiom(module_iicLme , 

PvsStrNaine(naine_stiib) , 
fml_list->head() ,  f); 
fml_list  =  fml_list->tail() ; 

> 


>; 


9.7.5  pvs_taut_check 

{Bodies)-^= 

void  pvs_taut_check(Str*  event_naine,  S_exp*  finl){ 

Str  *naine_stub  =  new  Str("tautology_check_”)  ; 

print  _pvs_theorem("pvs’’events“not-ignored'‘ , 

PvsStrNameC  (naitie_stub->append( event _naine)  )  )  , 
Iml,  stdont) ; 


>; 


9.7.6  pvs_skeleton 

Notangling  will  put  module  “pvs  skeleton”  into  the  file  _pvs_skeleton. 
Top-level  structure: 

{pvs  skeleton)= 

«:►»  = 

«system  name>>  :  THEORY 
«pvs-export  ings» 

BEGIN 
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«pvs~assimiings» 
«pvs-"theory  paxt» 
END  «system  naine» 


The  only  part  currently  populated  is  the  theory  part:  type  declarations,  constant  declarations,  def 
declarations,  and  formulas 

{pvs  skeleton)-\-= 

«pvs-tlieory  part»= 

«pvs'-type-decl» 

«pvs“Const-decl» 

«pvs-def-decl» 

«pvs~formula» 


Formulas  define  the  state  hierarchy  and  candidate  theorems 

{pvs  skeleton)~\-= 

«pvs“f  ormula»= 

«pvs“rules-'def  ining-“State“hierarchy» 
«pvs"'caiididate“th.eorems» 


Defining  the  state  hierarachy: 

{pvs  sk€leion)-\-= 

«pvs“rules“*def  iniiig’'State-hierarcliy»= 
«pvs’- child-parent  rules» 
«pvs-parent-implies-children  rules» 
«pvs--incoiapatible“or-sib  rules» 


Candidate  theorems 
{pvs  skeleton) 

«pvs-candidate-theorenis»= 
«pvs- events -no  t-ignored» 


Boilerplate 

{pvs  skeleton)-{-= 

«pvs-export  ings»= 
«pvs-assuinings»= 
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«pvs--type-decl»= 
«pvs-const-decl»= 
«pvs-in-state  decls» 
«pvs~in-state  decls»= 
«pvs-def~decl»= 

«pvs-e  vents -no  t“ignored»= 


{Bodies)-\-= 

void  pvs„skeleton(){ 


grab(*'_pvs_skeleton**  ,stdout) 


Chapter  10 

SPIN 


Invoke  the  SPIN  traversal  with  a  command  line  that  looks  like  this 
translator  -is  <file_naine>  |  notangle 

This  code  will  look  for  the  body  of  the  driver  in  the  file  _driver_body  and  will  send  the  SPIN  model  of 
f  ile^name  to  standard  out.  If  the  name  of  the  component  is  Foo,  each  line  of  driver_body  must  look 
like 


In_Channel_Foo  !  <exp>,  <exp>, 

Unfortunately,  there  is  currently  no  way  to  know  the  types  and  meanings  of  the  <exp>s  without  running 
the  translator  once  and  inspecting  the  definition  of  the  channel  type  In_Chaiinel_Foo.  It  will  be  simple 
enough  to  provie  more  felicitous  arrangements. 


10.1  The  strategy 

10.2  Preliminaries 

The  usual  preliminaries: 

The  flag  coding  the  name  of  the  traversal  is  spin 

{Globals)+= 
int  spin  =  0; 


spin  is  declared  as  a  traversal  by  an  Ox  traversal  declaration: 

{Travers  als)-\-= 

©traversal  ©postorder  spin 
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Note  that  this  is  a  postorder  traversal.  We  will  note  the  places  in  which  postorder  is  essential. 
The  type  of  the  global  state  for  the  translation: 

{Include  files) -\-= 

#include  "spin_state  .h** 


The  variable  representing  the  state  is  spin^state: 
{Globals)-\-= 

spin^state  my_spiii_state; 


The  command  line  argument  choosing  this  traversal  is  *?* 

{Switches  for  traversals)-^'^ 

case  's'  :  spin  =  1;  break; 

IMPORTANT  NOTE:  as  things  now  stand  it  is  necessary  to  do  traversal  i  before  doing  traversal  s. 
Basic  classes  needed  to  define  the  attributes  and  the  traversal  actions: 

(Include  files)-\-= 


10.3  Attribute  declarations 

All  the  “basic”  attributes  are  declared  in  attribute-declaxations  .nw.  This  section  contains  the 
declarations  of  applications  specific  to  defining  the  SPIN  model. 

in_ channel _naine  is  the  name  of  the  channel  through  which  events  and  values  arrive  at  the  compo¬ 
nent’s  in  interface;  and  in_type_name  is  the  name  of  the  type  of  values  sent  on  this  channel. 

{componeni-def  attributes) 

Str  *in_type_najne; 

Str  *in_channel_naine; 


10.4  Auxiliary  functions 

{Function  headers)-\-= 
void  spin_skeleton() ; 
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10.5  Attribute  definitions 

{componeni.def.COMPONENT  COMPONENT.NAME  END  COMPONENT 

>+= 


®i  ® component _cief .  in_type_naitte0  = 

®C0MP0NENT_NAME .  str®->prepend(**In_Interf  ace_")  ; 

0i  ©component _def .  in^channel.ncime©  = 

©C0MP0NENT_NAME. str©->prepend(”In_C]icLnnel_") ; 


{componeni.def '.long -Case  )+= 

©i  ©component _def .  in_type_naine©  = 

©C0MP0NENT_NAME. str®->prepend("In_Interf ace_") ; 

©i  ©component _def . in_channel_name©  = 

©C0MP0NENT_NAME . str0->prepend("In_Channel_") ; 


10.6  Traversal  actions 

{Include  files)-^^ 

#inclTide  "c_style.h" 


10.6.1  For  the  production  system 

{system.-SYSTEM  SYSTEM.NAME  componenUist  END  SYSTEM 
SECTION.SEPARATOR  >+= 

Qspin  if  (spin)  {  spin_skeleton() ;  } 


10.6.2  For  the  component  productions 

Within  the  long_case  we  generate  the  name  of  the  type  and  channel  for  the  interface  of  the  (currently, 
the  unique)  component.  We  also  generate  the  declaration  of  the  process  representing  the  component, 
and  the  “init”  statement  that  runs  that  process.  Note:  the  modules  “name  of  interface  type”,  and  “name 
of  interface  channel” ,  “name  of  component,”  and  “name  of  top  level  state”  are  inserted  at  several  places 
in  the  text.  It  s  essential,  therefore,  that  those  modules  are  written  to  only  by  these  print_spin_code 
statements. 

(componeni_def:COMPONENT  COMPONENT JIAME  ’.’END  COMPONENT 

)+= 
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{component. def '.long. case  )-|-= 

®spin  if  (spin)  { 

print„spin_code("naine  of  interface  type*', 

Ocomponent^def .  in_type_ncLmeO, 
stdout) ; 

print_spin_ code ("name  of  interface  channel", 

Qcomponent_def . in^chaimel^name®, 
stdout) ; 

print_spin_code{"naine  of  top  level  state", 
(Ostate_def  .val®->str() , 
stdout) ; 

print_spin_code("naine  of  component", 

®COMPONENT_NAME . str® . 
stdout) ; 


> 

( CO m.po n e n t  Joca iion : COMPONENT.NA ME  ) += 


( compo  nent. location:  EX  TERN  A  = 


10.6.3  For  the  states  productions 

For  each  state  Foo  we  generate  SPIN  to  define  the  integer  code  for  the  state,  the  “leave”  macro,  and  the 
“enter”  macro.  In  the  SPIN  code,  the  macros  for  children  must  occur  before  those  for  parents — which 
is  automatic  if  we  generate  them  in  a  postorder  traversal.  We  also  generate  the  “set  parent”  definitions, 
and  in  this  case  the  macros  for  parents  must  occur  before  those  for  children,  which  will  automatically 
result  from  a  preorder  traversal. 

The  integer  code  definition  for  state  Foo  is 

#define  Foo  i 

where  i  is  the  unique  integer  code  for  Foo.  It’s  obtained  by  the  following  macro. 

{Ox  Macros)-^— 

©macro  SpinStateCodeO 
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print_spiii_code(*'defiiie  states**, 

def  ine.iiit_code((fiSTATE_NAME,  0 .  strO, 
®state_def . code®) , 

stdout) ; 

®eiid 


If  Foo  has  a  parent,  Bar,  then  the  “set  parent”  definition  for  Foo  is 

#define  set^parent.Foo  state  [Bar]  =TRUE;  set„pareiit_Bar ; 

If  Foo  does  not  have  a  parent,  we  generate 

#def ine  set_pareiit_Foo  statefFoo]  =TRUE; 

[This  actually  adds  a  redundant  definition.  What  we  should  do,  instead,  is  to  have  the  children  inherit 
an  attribute  telling  them  whether  their  parent  is  top-level  or  not.  In  that  case,  we  could  altogether  avoid 
defining  set__parent_Foo  for  top-level  Foo.] 

{Ox  Macros)-\-= 

Omacro  SpinSetParent () 

print_set_parent (®STATE_NAME . 0 . str® , 

®stat e_def . ancestor® , 
stdout) ; 

®end 


The  “leave”  macro  does  the  following:  For  each  non-conditional  state  A  with  non-conditional  children  B, 
C,  D,  we  generate  the  SPIN  definition: 

#define  leave^A  stateCA3=FALSE;  leave^B;  leave^C;  leave^D; 

which  is  done  by  the  following  macro: 

{Ox  Macros)’\-= 

®inacro  SpinLeavingCodeO 
print_leave_def initionC 
®STATE_NAHE.O.str®, 

UnCondStatesToStrList (®state_chaxts_list . comp_vals®) , 
stdout) ; 

®end 


The  “enter”  definition  is  slightly  more  complex.  Entering  any  non-conditional  state  means,  first  of  all, 
doing  “set  parent”  and  then  the  following: 

•  Entering  an  atomic  state  sets  it  to  true. 
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•  Entering  an  AND-state  sets  it  to  true  and  enters  all  its  children. 

•  Entering  an  OR-state  sets  it  to  true  and  enters  its  default  state.  (I  don’t  think  it’s  necessary  also 
to  explicitly  leave  all  its  siblings— that  should  come  for  free.) 

These  must  be  generated  by  a  postorder  traversal. 

As  previously  noted  conditional  states  are  not  supported:  “Entering”  a  conditional  state  doesn’t 
actually  land  us  in  the  state  rather ,  it  immediately  results  in  a  transition  (based  on  the  condition)  to 
another  state.  Semantic  problems  include  the  possibility  of  an  infinite  loop  among  conditional  transitions. 

(state.def.-OR-STATE.TOKEN  STATE.NAME  DEFAULT  STATE.NAME 
state.ckarisJisi  END  OR.STATE.TOKEN  )+= 

©spin  if  (spin)  { 

SpinStat eCode 0 
SpinLeavingCode ( ) 

print^ent  er_.or  (QSTATE^NAME .  0 .  str® , 

®STATE„NAME.l.str®, 
stdout) ; 

} 

©spin  ®r€vorder(l)  if  (spin)  { 

SpinSetParent ( ) 

> 


{staie.def:AND.STATE.TOKEN  STATE.NAME  staie.charts  list 
END  AND.STATE.TOKEN  )+= 

©spin  if  (spin)  { 

SpinStateCodeO 

SpinLeavingCode ( ) 

print^ent er_and(®STATE_KAME . str® , 

®state_chaxts_list .  comp_vals®, 
stdout) ; 

} 

©spin  ©revorderd)  if  (spin)  { 

SpinSetParent ( ) 

> 


{state.def:OR.ARRAY  STATE.NAME  ’[’INTEGER  ’]’  ’:’ siate.charts  list 
END  OR.ARRAY)+= 
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Qspin  if  (spin)  { 

printf  (*'\n/******OR-aLrrays  not  supported*******/\n”)  * 

> 

{state.def-.AND^ARRAY  STATEJfAME  ’[’INTEGER  ’]’  ’:’ state.charts  list 
END  AND.ARRA  Y  )+= 

©spin  if  (spin)  { 

printf (*'\n/******AKD-arrays  not  snpported*******/\n") ; 


{siaie^def:ATOMIC  STATE^NAME 

©spin  if  (spin)  { 

SpinStateCodeO 
print _leave_def init ion ( 

(SSTATE^NAME.O.str®, 

EmptyStrList , 
stdout) ; 

pr int_enter_atomic (OSTATE^NAME . str® , stdont ) ; 

> 

©spin  Qrevorder(l)  if  (spin)  { 

SpinSetParent ( ) 

> 


{state.def.-CONDITIONAL  STATE.NAME  ’;’}+= 

©spin  if  (spin)  { 

printf  (**\n/******Conditional  states  not  supported*******/\n*')  i 

{staie^chartsJist:siate-def)-^'^ 


{siaie-chartsJisi:siaie.charisJisi  $iaie.d€f)-{~= 


10.6,4  For  the  constants  productions 

WARNING.  The  way  we  up  constant  declarations  is  a  real  kludge.  Constants  are  declared  as  integers; 
and  things  work  only  if  the  real  literal  is  of  the  form  xxx.O. 
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(consiani.def:CONSTANT  CONSTANT.NAME  VALUE  REAL 
END  CONSTANT  )^= 


<Dspin  if  (spin)  { 

print _spin_code  ( '*def ine  constant s " , 

def  ine_int  _code  (iSCONSTANT.NAME .  strO , 
©REAL . valQ-> integer _part ( ) ) , 

stdout) ; 


> 


{constani.def:CONSTANT  CONSTANT.NAME  VALUE  V’  REAL 
END  CONSTANT  )-^= 


©spin  if  (spin)  { 

print_spin_code('*def ine  constants" , 

def ine_int_code (©CONSTANT.NAME . str©, 
“©REAL . val©-> int  eger.part ( ) ) , 

stdout) ; 


> 


{constant.ref:CONSTANT-NAME  )+= 


( constant. def. list  :)-\-= 


{constant.def. list: consiant.def. list  constani.def  )+= 


10.6.5  For  the  variables  productions 

For  now,  we  don’t  model  out  variables  or  interfaces.  We  model  an  in  interface  as  a  channel  of  size  1, 
on  which  enter  events  of  the  In.Interface  type.  This  type  is  a  struct  with  two  kinds  of  components: 
booleans,  modeling  the  arrival  of  events  at  the  interface;  bytes,  containing  the  values  received  through 
the  interface: 

typedef  Component. In.Interf ace  { 
bool  int erf ace 1; 
bool  interface2; 

byte  in.varl; 
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byte  iii_var2; 


>: 


chan  Component __In_Channel  =  [1]  of  {Component_In_Interface3‘; 

Thus,  the  declaration  of  each  in  variable  and  of  each  in  interface  enters  one  component  into  this  struct, 
by  entering  it  into  the  “component  of  in  interface”  module.  We  will  declare  a  local  variable,  input  that 
gets  these  input  values,  via  a  ?  input  command. 

We  also  declare  local  variables,  corresponding  exactly  to  the  RSML  input  variables,  which  are  set  by 
receipt  of  inputs: 

int  in^varl; 
int  in_var2; 


That  is,  in_varl  will  be  updated  from  input  .in^varl.  In  the  current,  simplified,  semantics  this  extra 
layer  is  unnecessary  (since  we  could  work  directly  with  input .  in.varl),  but  it  may  add  some  flexibility 
later  in  modeling  variables  as  functions  of  time.  We  enter  these  into  the  “declare  in  variables”  module. 

(in.variable.def:IN.VARIABLE  IN^VAR.NAME  TYPE  ’-.’NUMERIC 
expected-Ttiin  expected-max  min-gran  max-gran  END  IN  VARIABLE 
)+= 

®spin  if  (spin)  { 

print _spin_code(" component  of  in  interface'*, 

®IN_VAR_NAME.  strO->prepend("\tbyte  **)-->append(" ;  \n")  , 
stdout) ; 

print_spin_code( "declare  in  vciriables", 

®IN^VAR_NAME.strQ->prepend("\tint  ")->append(";\n") , 
stdout) ; 

} 


{out-variable-def:OUT-VARIABLE  OUT-VAR-NAME  ’:’  TYPE  ’:’ 
NUMERIC  expected.min  expecied.max  min.gran  max.gran  ASSIGNMENT 
’-.’expression  TRIGGER  ’:’  evenCref  END  OUT-VARIABLE  )+= 


{expected  jmin:)-\-= 


{expected.min:EXPECTED.MIN  ’.-’REAL  )+= 
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{ex'pectedjmax:)-\~^ 


{expecied.max:EXPECTEDMAX  REAL  )+= 
{min.gran:)-\-= 

{min.gran:MIN.GRAN  REAL  )-f= 

{max  ^g  ran 

{max^gran:MAX^GRAN  REAL  )+= 

( injvariable.refilN.  VA R-NA ME  ) -\-= 
{ouEvariable-ref:OUT.VAR-NAME  )+= 
{in.variable,ass:IN.VAR.NAME  }+= 

( out^variablc-ass: OUT^VA R^NA ME  ) -\-= 
{in-variable^defJist:)+= 

{in.variable.defJisLinjvariable^defJist  in-variable.def 

)+= 

{oui-variable.defJisi:)-\-= 

{oui^variable-defJist.ouEvariable^defJisi  outjvariablc-def 

)+= 

(in^variable-lisi:)+= 
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{in.variableJisiiin-variable^ass  )+= 


{in-variableJisi:in^variableJist  \  ’  in^variable^ass  )4'= 


{variable:  out  jvariablejref  )-\-^ 


{variable  :in  jvariable.ref 


{variablejref:PREV  '('REAL  inMriable^ref)A-= 


10.6*6  For  the  events  productions 

We  generate  an  integer  code  for  each  event;  in  addition,  for  each  state  event,  we  generate  one  clause  of 
the  test  for  whether  to  break  out  of  the  microloop. 


{Ox  Macros)-\-^ 

Qmacro  SpinEventCodeO 

priiit_spiii_code( "define  events" , 

def ine_int_code(QEVENT_NAME. 0 . str® , 
®event_def . code®) , 


stdout) ; 


®end 


{ eventide fJisi:)  += 


{event-defJist:event.defJist  eveni-def  )+= 


If  any  new  state  event  is  generated  in  a  pass  of  the  microloop  we  must  set  the  variable  cont  inue_microloop: 
if 

::  event CEVENT_NAME]  ->  continue.microloop  =  TRUE;  break 
: ;  else  ->  skip 

fi; 

The  point  of  the  break  is  that  once  we’ve  found  one  such  there’s  no  need  to  test  any  of  the  others. 
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{event.def:EVENT  EVENT^NAME  STATE  y)A= 


©spin  if  (spin)  i 

SpinEventCode ( ) 

fprintf  (stdout , *’\n« check  next  state  event»=\n‘')  ; 
fprintf(stdout,  "event  [*') ; 

®EVENT_NAME . str®~>print (stdont ) ; 
f  pr  intf  (  stdont , "]  11*0; 

} 

{eveni.def: EVENT  EVENT^NAME  VARIABLE  Y)+= 

Ospin  if  (spin)  { 

SpinEventCode ( ) 

} 

(event.def:EVENT  EVENT^NAME  INTERFACE  Y  )4-~ 

Ospin  if  (spin)  { 

SpinEventCode ( ) 

} 

{€V€ni.ref:EVENT.NAME  )+= 


{eveniJisi:)-\-= 


{€V€niJist:ev€nt-r€f  )-\-= 


{event -list: event Jisi  V  event-ref)-\-= 


10*6,7  For  the  interfaces  productions 

For  the  stuff  put  int  “component  of  interface”  see  section  10.6.5.  We  compile  the  interface  declaration 

IN.INTERFACE  TempSensor  : 

SOURCE  :  EXTERNAL 

TRIGGER  :  RECEIVE  (Temp_Status ,  Temperature) 
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SELECTION  :  TRUE 
ACTION  :  Temp_Report ..Event 
END  IN.INTERFACE 

into  one  clause  of  an  statement: 

:  :  input  .TempSensor  &&  TRUE  -> 

event  [Tenip_Report_Event]  =  TRUE; 

Temperature  =  input . Temperature ; 

Temp_Status  =  input .Tempos tat us; 

This  code  goes  into  the  “receive  inputs”  module,  which  will  itself  be  surrounding  by  the  if  ...  fi; 
brackets.  There  is  no  “else”  clause:  our  assumption  is  that  for  each  input,  precisely  one  of  the  boolean 
flags  will  be  set. 

NOTE:  For  now,  the  SELECTION  will  always  be  dummied  to  TRUE. 

(inJnierface.d€fJisi:)^= 

{inJnierface-defJisi:inJnierface-defJisi  inJnterface-def 


{inJnierface.def:INJNTERFACE  INJNTERFACE.NAME  SOURCE 
'U  component Jocaiion  TRIGGER  RECEIVE  in^variableJisi 
selection.condition  ACTION  'F  event  .list  END  INJNTERFACE 

^spin  if  (spin)  { 

print_spin_code(" component  of  in  interface", 

®IN_INTERFACE_NAME. str(S->prepend("\tbool  *') 
->append(";\n") , 

stdout) ; 

spin_receive..inputs((DIN..INTERFACE.NAME.strQ, 

Qin_variable_list . computed_valQ, 
true_S_ptr, 

®event_list . computed^ events®, 
stdout) ; 


> 

{outJnterfac€.defJist:)+= 
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{ouiJnterface-defJist.'outJnierface^defJist  ouiJnterface.def 
)+= 


{ouUnierface.def.OUTJNTERFACE  OUTJNTERFACE.NAME 
DESTINATION  component Jocation  TRIGGER  event. ref 

selection.conditwn  ACTION  'N  SEND  parameter Jist 

END  OUTJNTERFACE)-^^ 


(outJnterface.def  OUTJNTERFACE  OUTJNTERFACE.NAME 
DESTINATION  N  component  .location  \  ^  IN.INTERFACE.NAME 
TRIGGER  'r  event.ref  selection.condition  ACTION  SEND 
parameterJisi  END  OUT.INTERFACE)A= 


{selection.conditioi}:)-\~^ 


{selection.condiiioniSELECTION  condition  )-!-:= 


10.6.8  For  the  macros  productions 

10.6.9  For  the  functions  productions 

10.6.10  For  the  transition  busses  productions 

10.6.11  For  the  transitions  productions 

We  generate  an  integer  code  for  each  transition  and  define  the  effect  of  each  transition.  We  also  generate 
the  set  of  assignment  statements  that  sets  the  traiis_ enabled  array  at  the  top  of  each  microloop. 


{Ox  Macros) -\-= 

(Omacro  SpinTransitionCodeO 

print_spin_code( "define  trams it ions" , 

def  ine.int  ^code  ((DTRANSITI0N_NAME .  0 .  str© , 
©trams it ion_def .  code©)  , 


stdont) ; 


©end 


Suppose  that  transition  tr  is 
•  triggered  by  Trig 
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•  under  condition  Sitch 

•  goes  from  Out  Of 

•  goes  to  InTo 

•  actually  leaves  Leaving 

•  and  generates  actions  al,  a2,  ... 

We  generate  the  following  sequence  of  definitions: 

#define  cond_tr  Sitch 

#define  enabled.tr  state [OutOf]  &&  event [Trig]  &&  cond_tr 
#define  take_tr  selected[tr]=FALSE;  leave_Leaving ;  enter_InTo; 
#define  action^tr  event [Trig]  =  FALSE; 

event [act ionl3=TRUE;  event [act ion2]=TRUE;  ... 

In  module  “update  trans .enabled”  we  enter  statements  of  the  form: 

trans_enabled[trans]  =  enabled_trans ; 

for  each  transition  trans. 

In  module  “make  allowed  transitions”  we  enter  statements  of  the  form: 
if 

selected[tl]  ->  take_tl;  actioii_tl 
: :  else  ->skip 

fi; 

for  each  transition  trans. 

{iransiiion^defJisi:)-}-= 


{iransiiion^defJisi:transition-defJisi  transiiion.def 

)+= 

{iransitionMf:TRANSITION  TRANSITION^NAME  FROM  STATE.NAME 
TO  STATE^NAME  transiiionjmaybe-irigger  iransiiion^maybe-cond 
transHion.maybe.aciion  END  TRANSITION  )+= 

Ospin  if  (spin)  { 

SpinTransit ionCode ( ) 
print^transit ion_def ( 

(DTRANSITION.NAME .  str® , 

^transit ion_def . trigger.nameO , 
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(Dt rails  it  ion_def .  fmKD , 

©transit  ion^def .  act  ions^names© , 

©t  rans  it  ion_def .  t  o_naine© , 

©trans  it  ion^def .  f  roin_naine© , 

©transition^def . leaves^name©, 
stdont) ; 

pr int_spin_code ( 

"update  trans_enabled" , 

select 1 (TransEnabled, ©TRANSITION^NAME . str©) -> 
append  ("  =  ^')”> 

append(PREFIX„ENABLED(QTRANSITION^NAME.str®))-> 

append(";"), 

stdout) ; 

pr int„spin_code ( 

"make  allowed  transitions", 
select 1 (Selected , ©TRANSITION^NAME . str©) -> 
prepend (" if  \n:  :  ")-•> 
append ("  ->  ")-> 

append(C0MP0SE2(PREFIX^TAKE(®TRANSITI0N_NAME. str©) , 

PREFIX^ACTION(©TRANSITION_NAME . str©) ) )“> 
append("\n:  :  else  -’>  skipXnfi;"), 

stdout) ; 

> 


{iransitionjinayheAriggeT:)-\-^ 

{iransiiionjmayheA.rigger:TRIGGER  eveni-ref  )-\-= 

{transition-maybe-iriggeriTRIGGER  TIMEOUT  ^('simple-expression 
\  '  expression  ') '  }-f = 

(transiiion-mayhe-cond:)'\-^ 

{iransiiion-maybe-cond: CONDITION  condition  )-\-~ 
itransiiionjmaybe-aciion:)-\-= 
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{transHion.maybe.action: ACTION  event Jist  )+= 


10.6.12  For  the  predicate  productions 

10.6.13  For  the  conditions  productions 

10.6.14  For  the  expressions  productions 

10.7  Bodies  of  auxiliary  functions 

Because  this  text  is  being  run  through  notangle  the  module  brackets  which  are  to  appear  in  the  printed 
code  must  be  escaped  with  ©-signs. 

NOTE:  Currently  assuming  that  the  number  of  events  to  be  counted  is  the  total  number  of  events — 
but  we  may  want  separate  arrays  for  separate  kinds  of  events. 

NOTE:  Right  now  only  one  chunk  of  skeleton  text  is  stored  in  a  separate  file  and  simply  “grabbed”; 
it  would  probably  make  life  easier  to  maintain  more  of  the  text  that  way. 

{Include  file$)+^ 

#include  "skeleton_utilities .h” 


The  text  of  module  “spin  skeleton”  provides  the  top-level  organization  of  the  SPIN  code.  It  will  be 
notangled  into  the  file  _spin_skeleton,  and  retrieved  by  grab  inside  the  body  of  spin_skeleton. 
NOTE:  The  initial  blank  line  in  the  first  definition  of  “spin  skeleton”  is  crucial — it  guarantees  that  the 
start  symbol  occurs  at  the  beginning  of  a  line. 

{spin  skeleton)^ 

«♦»= 

#define  TRUE  1 
#define  FALSE  0 
#define  TIME  int 

«set  Tip  state  array» 

«define  states» 

«define  set  parent» 

«define  leave  actions» 

«define  conditional  transitions» 

«define  enter  actions» 

«define  const  ant  s» 

«define  interface  type» 

«set  up  event  array» 
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«d€fine  events» 

«define  rsml  functions» 
«defiiie  rsml  macros» 

«set  up  transition  array s» 
«define  transitions» 
«define  main  spin  process» 
«define  driver» 

«run  process» 


Declare  the  type  and  channel  of  the  In  interface 

{spin  skeleton) -\~~ 

«define  interface  type»= 
typedef  «name  of  interface  type»  { 
«compon€nt  of  in  interface» 

>; 


chan  «name  of  interface  channel»  =  [1]  of  {«name  of  interface  type»}; 


Define  the  main  SPIN  process 

{spin  skeleton) -\-= 

«define  main  spin  process»= 
proctype  «name  of  component»  ()  { 
int  i; 

bool  continue^microloop; 

«ncime  of  interface  type»  input; 

«declaxe  in  variables» 

«initialize  compat» 

enter_«name  of  top  level  state»; 

end:  do  /♦  Label  makes  this  an  OK  end-state  ♦/ 

«name  of  interface  channel»  ?  input; 

atomicfdo  /*  Top  of  microstep  loop  */ 

if 

«receive  input s» 
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«Tipdate  traiis_enabled» 

i  =  0; 
do 

: :  i  <  transition.count  -> 
if 

::  trans_enabledCi]  &&  !  selected[i]  -> 
int  j  =  0; 
selected [i]  =  TRUE; 
do 

if 

: :  j  <  trans it ion_ count  -> 
if 

::  selectedCj]  &&  !  compatibleCi , j)  -> 
selected [i]  =  FALSE;  breeds 
: :  else  ->  skip 
fi; 

:  :  else  “*>  skip 

fi; 

j++; 

od; 

: :  else  ->  skip 

fi; 

i++; 

: :  else  ->  break 
od; 

«inake  allowed  traiisitions» 

«check  event  consuinption» 

i  =  0; 
do 

::  i  <  transition_count  ->  trans„enabledCi]=FALSE;  i++ 
: :  else  ~>  break; 
od; 

continue_microloop  = 
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«check  next  state  event» 

FALSE; 

/♦  The  break  in  this  next  statement  quits  the  microloop*/ 
if 

:  :  continue_microloop  =  FALSE  ->  break 
: :  else  ->  skip 

fi; 

od;  /*  end  of  micro  step  loop  */ 

> 

«output  actions» 

od  /♦  end  of  macro  loop  ♦/ 

} 


Define  the  driver 

{spin  skeleion)-\-~ 

«define  driver»= 
proctype  Driver  ()  { 

«get  driver  body» 

> 

Define  the  initial  process 

{spin  skcleion)-\-~ 

«run  process»= 

init  {  run  «name  of  component»  (); 
run  Driver ()} 


Boilerplate 

{spin  skeleion)-\-= 

«define  set  paxent»= 

«define  states»= 

«define  leave  actions»= 

«define  conditional  transitions»= 
«define  enter  actions»= 

«define  constants»= 

«define  event s»= 
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«define  transit  ions  »= 
«define  rsml  functions»= 
«define  rsml  macros»= 
«componeiit  of  in  interface»= 
«ncLme  of  interface  type»= 
«name  of  interface  channel»= 
«2iame  of  top  level  state»= 
«receive  inputs»= 

«update  trans_enabled»= 
«find  maximal  enabled  set»= 
«make  allowed  transitions»= 
«check  event  consnmption»= 
«check  next  state  event»= 
«output  actions»= 

«rnn  process»= 

«declare  in  variables»= 


{Bodies) 

void  spin_skeleton(){ 

grab("_spin_skeletoii'*  ,stdout)  ; 

//  Setting  up  state  definitions;  note  that  SPIN  doesn't  like 
//  arrays  of  size  0 

printf  ("\n«set  up  state  array»=\n") ; 
if  (  glob.number_of_states()  >  0  ) 

{  printf  (*’#define  state^count  y,d\n"  ,glob.number_of  .statesO)  ; 
printf ("bool  state Cstate_count] ;\n") ; 

> 

//  Setting  up  event  definitions 

printf  ("\n«set  up  event  array»=\n"); 
if  (  glob.number_of_events()  >  0  ) 

i  printf  ("#define  event^count  '/dXn" , glob, number_of .events ())  ; 
printf ( "bool  event [event. count] ; " ) ; 

> 

//  Setting  up  transition  definitions 

printf  ("\n«set  up  transition  arrays»=\n") ; 
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if  (  glob. numb er_of_e vents 0  >  0  ) 

i  printf  ("#define  transition^count  ‘/idXn", 
glob. number _of_transitions()) ; 
printf  (**bool  trans_enabled [transition. count]  ;\n”); 
printf  ("bool  selected [trans it ion.cotint]  ;\n"); 
printf  ("#define  t. count. squared  y,d\n"  , 

glob. number.of .transit ions 0  *  glob. number.of. transitions ()) ; 
printf ("bool  compat [t. count. squared] ;\n"); 

printf ("#define  compatible(i, j)  compatCi  *  transit ion. count  +  j]\n"); 

> 

//  Initializing  compat 

printf  ("\n«in it ialize  compat»=\n")  ; 
spin. initialize. comp at (glob , stdout ) ; 

//  The  body  of  the  driver 

printf  ("\n«get  driver  body»=\n"); 
grab (".driver.body" .stdout) ; 


>; 
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Chapter  11 

Parsing  RSML 

♦ 

*  This  is  a  hacked  up  version  of  the  tokens. lex  file  from  the  U.  of 

*  Washington.  I’ve  stripped  out  all  their  symbol  table 

*  manipulations,  replacing  them  with  simple-minded  entries  into  a 

*  hash  table.  And  I’ve  added  Ox  code  that  will  set  the  Str  attribute 

*  of  each  of  the  mciny  kinds  of  names, 

* 

/* *  Lexical  analysis.  Lexical  analysis  is  broken  up  into  two  passes;  the 
first  creates  the  system  object,  all  component  objects,  and  some  of  the 
objects  found  in  the  system.  The  second  pass  is  a  normal  tokenizing 
pass  for  the  parser.  The  object  created  during  the  first  pass  are 
initialized,  and  other  objects  are  created  and  initialized  during  the 
second  pass.  */ 

/* 

*  States: 

♦ 

*  Pass  #1:  entering  things  into  symbol  table 

*  <F0>:  Looking  for  declaration  keyword 

*  <F1>:  Reading  particular  declaration  keyword 

*  <F2>:  Reading  ending  declaration  keyword 

* 

*  Pass  #2:  Normal  tokenizing 


<P>  :  Normal  tokenizing 
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♦/ 

u 

#include  <string.h> 

#include  <stdio.h> 

#include  <search.h> 

#iiiclude  '’conf igiiration.h" 

#include  ’^y.tab.h" 

tinclude  '’generatecLinclude.f  ile  .h” 

tinclude  "table. h*‘ 

#include  "s_eip_utilities ,h" 

# include  "rsml.state.h" 

#define  display^table  name_ table. display 

- variable  declarations - */ 

/*  Temporary  token  used  during  the  first  pass  to  remember  the  declaration 
t3rpe  so  it  can  be  assigned  to  the  symbol.  */ 

static  int  declToken; 

extern  table  name stable;  //  Stands  in  for  symbol  table 

//  Declared  in  load.cc, 

//  so  it  persists  between  invocations 
//  of  yylex  and  yyparse. 

extern  rsml_state  rsml;  //  Statistics  gathered  during  parsing. 

//  Also  declared  in  load.cc. 

/*  These  are  used  as  local  variables  when  inserting  or  searching  for 
/*  entries  in  the  hash  table.  */ 

static  TABLE_DATA  ♦data_found; 
static  int  *tok€n_ptr; 

#define  set _token( token)  {declToken  =  token;  token^ptr  =  new  TABLE_DATA;  \ 

♦token^ptr  =  declToken;  } 

#define  MAX_LIKE.LENGTH  255 
int  parser  ^passNum; 

/*  Ox  seemed  to  be  having  trouble  with  this  as  a  local  declaration.  */ 

•/•> 
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GRAMMAR  DECLARATIONS 


/♦ - 

•/START  IDENT  Z 
•/.X  FO  FI  F2  P  P3 


*/ 


/*  Replace  INTEGER  with  REAL  -  Vivek  4/2  */ 

IDENT  [a-z_A-Z] [a-z_A-Z0-9]  * 

REAL.LIT  (  [0-9]  [0-9J  ♦  (  [ .  ]  [0-9_»  ?  (  [Ee]  [-+]  ?  [0-9J  +)  ?)|  \ 

([0-9]  [0-9_]*#[0-9a-fA-Fj  +  ([.]  [0-9a-fA-Fj+)?#([Ee]  [-+]?[0-9_]+)?) 
STRING.LIT  \"  ([■"]♦  (\''\  ")*)  *\" 

CHAR.LIT  \’[‘\n]\> 


/*  For  setting  the  Str  attribute  of  the  various  kinds  of  names  ♦/ 

/*  I  killed  the  stuff,  just  after  branching  on  parser.passNiua,  that 
swallowed  up  comments.  */ 

/* - START  OF  GRAMMAR - */ 

VL 

if  (parser_passNum  ==  0)  { 

BEGIN (FO) ; 

}  else  if  (parser^passNum  ==  1)  { 

BEGIN (P); 

} 


<F0, FI, F2, ?>"/*•'  {  int  c; 

do  { 

while  ((c  =  yyinputO)  != 

c  !=  EOF)  {  /*  eat  up  comment  */ 

> 

if  (c  ==  ’*0  { 

while  ((c  =  yyinputO)  ==  ’♦’); 
if  (c  ==  VO  { 
break ; 

> 

} 

}  while (TRUE); 

} 


<F0>### 

<F0>SYSTEM 

<F0>C0MP0NENT 


{  yyterminateO ;  } 

{  set_token(SYSTEM3AME)  ;  BEGIN(Fl);} 

{  set^token(COMPONENT_NAME) ;  BEGIN(Fl);} 


<FO>AND_STATE 


{  set_token(STATE^NAME) ; 
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rsml .  bunip_state_count  ()  ;  BEGIN  (FI)  ; } 

<FO>OR_STATE  {  set_token(STATE_NAME) ; 

rsml .bujiip_state_count()  ;  BEGIN(Fl)  ;} 

<FO>ATOHIC  {  set_token(STATE_NAME) ; 

rsml.bvunp_state_coTmt()  ;  BEGIN  (FI)  j} 

<FO>CONDITIONAL  {  set_token(STATE_NAflE)  ; 

rsml  .bump_state_couiit()  ;  BEGIN (FI) 

<FO>CONSTANT  {  set_token(CONSTANT_NAHE) ;  BEGIN(Fl);} 

<FO>EVENT  {  set_token(EVENT_NAME) ; 

rsml.btimp_event_count() ;  BEGIN(Fl) ;} 


<FO>IN_INTERFACE 

<FO>OUT_INTERFACE 

<FO>IN_VARIABLE 

<FO>OUT_VARIABLE 

<FO>FUNCTION 

<FO>MACRO 

<FO>TRANSITION 

rsml .  bump  .transition, 
<FO>TRANSITIGNBUS 


{  set_token(IN_INTERFACE_NAME) ; 

{  set_token(OTJT_INTERFACE_NAME)  ; 
{  set_token(IN_VAR_NAME) ; 

{  SGt_token(OUT_VAR_NAME) ; 

{  set_token(FUNCTION_NAME) ; 

{  set_token(MACRO_NAME) : 

{  set .token (TRANSITION.NAME) ; 
.count  0;  BEGIN(FI):} 

{  set .token (TRANSitlONBUS.NAME) ; 


BEGIN (FI);} 
BEGIN (FI);} 
BEGIN(Fl);} 
BEGIN(Fl);} 
BEGIN(Fl);} 
BEGIN (FI);} 


BEGIN (FI);} 


<FO>END  {  BEGIN (F2) ;  } 


<FO>[a-z_]  [_a-z0-9]*  ; 

<Fl>[a-z.] [.a-zO-9]*  {  switch  (declToken)  { 
case  SYSTEM.NAME; 
default : 

name.table .  insert  (strdup(yyteit)  ,  token.ptr)  ; 
break ; 

} 

BEGIN (FO) ; 

} 

<F0,Fl,F2>[\n]  ; 

<F0,F1,F2>[  \t]  ;  /♦  Eat  spaces  ♦/ 

<F0>.  ;  /*  Eat  rubbish  ♦/ 

<F2>[a-z_][_a-zO-9]*  {  BEGIN  (FO)  ;  } 


* 

♦  Pass  #2 

* 

<P>SYSTEM  {rGturn(SYSTEM);} 
<P>COMPONENT  {retum(COMPONENT);} 
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<P>ACTION  {ret\irn(ACTIOH);} 

<P>AND_ARRAY  <retum(AND_ARRAY) ;} 

<P>AND_STATE  {return  (AND.STATE.TOCEH) ;} 
<P>ASSIGNMENT  {retum(ASSIGNMENT)  ;> 

<P>ATOMIC  {retum(ATOMlC):} 

<P>CASE  {retum(CASE);} 

<P>CONDITIOH  {retum(COMDITION);} 

<P>CONDITIONAL  {retum(CONDITIOKAL)  ;} 

<P>CONSTANT  {retum(CONSTANT);} 

<P>DESTINATION  {return (DESTIHATIOS) ; } 

<P>END  {return (END);} 

<P>ENTERED  {return (ENTERED) ;> 

<P>EVEMT  {return(EVEHT);} 

<P>EXISTS  {retum(EXISTS):} 

<P>EXPECTED_MAX  {return (EXPECTED.MAX) ; } 

<P>EXPECTED_MIN  {return (EXPECTED.HIN) ; } 

<P>EXTERNAL  {return (EXTERNAL) ; } 

<P>FALSE  {return (FALSE.TOKEN);} 

<P>FROM  {return(FROM);} 

<P>DEFAULT  {retum(DEFAULT) ; } 

<P>FORALL  {retum(FORALL)  ;]• 

<P>FUNCTION  {return (FUNCTION);} 

<P>IF  {retum(IF);} 

<P>INTERFACE  {retum(INTERFACE)  ; } 

<P>IN_INTERFACE  {retum(IN_INTERFACE)  ; } 

<P>IN_ONE_OF  {retum(IN_DNE_OF):} 

<P>IN_STATE  {retum(IH_STATE)  ;} 

<P>IN_VARIABLE  {return (IN_ VARIABLE) ;} 

<P>LOAD  {return (LOAD) ;} 

<P>LOCATION  {return (LOCATION);} 

<P>MACRO  {return(MACRO);} 

<P>MAX_GRAN  {retum(MAX_GRAN);} 

<P>MIN_GRAN  {retum(MIN_GRAN);} 

<P>N0T  {retum(NOT)  ;} 

<P>NUMERIC  {retum(NOMERIC);} 

<P>OR_STATE  {retum(OR_STATE_TOKEN);} 

<P>0R_ARRAY  {retum(OR_ ARRAY) ;} 

<P>OUT_INTERFACE  {retum(OOT_INTERFACE) ;} 

<P>OUT_VARIABLE  {return (OOT_ VARIABLE)  ; } 

<P>PREV  {return (PREV);} 

<P>RECEIVE  {return (RECEIVE);} 

<P>RETURN  {return (RETURN);} 

<P>SELECTION  {return(SELECTION);} 

<P>SEND  {return (SEND);} 

<P>SOURCE  {retum(SOURCE)  ;} 

<P>STATE  {return (STATE);} 


142 


<P>TABLE  {return (TABLE);} 

<P>THIS  {retum(THIS);} 

<P>TIME  {retum(TIME);} 

<P>TIHEOUT  {return(TIHEOUT);} 

<P>TO  {retum(TO);} 

<P>TRANSITION  {return(TRANSITION) ; } 

<P>TRANSITIONBUS  {return (TRANSITIONBUS) ; } 

<P>TRIGGER  {return(TRIGGER) ;} 

<P>TRtJE  {retum(TRUE_TOKEN);} 

<P>TYPE  {return (TYPE);} 

<P>VALtJE  {return (VALUE);} 

<P>VARIABLE  {return(VARIABLE);} 

<P>EQ_ONE_OF  {return(EQ_ONE_OF);} 

<P>";"  {retum(’;  ’);  } 

<P>"."  {retum(’.  ’);  } 

<P>"T"  {retum(’T’);  } 

<P>"F"  {retum(>F’);  } 

<P>","  {retum(’,’);  } 

<p>M.ii  •[i-eturn( ’ ;  ’ )  ;  } 

<P>"("  {retum(’(’);  } 

<p>M)M  {retum(’)>);  } 

<P>"<="  {retum(LESS_OR_EQUAL);} 

<P>">="  {retum(GREATER_OR_EQUAL);} 

<p>M<M  {retum( ’<’);} 

<P>">"  {retum( ’>’);} 

<P>" !="  {return(NOT_EQUAL) ; } 

<P>"="  {retum(’=’);} 

<P>"+"  {retuxn( ’+’);} 

<P>"-"  {return( ’->);} 

<P>"*"  {retum( ’•’);} 

<P>"/"  {retum(V’) ;} 

<P>"{"  {retum(’{’)  ;} 

<P>"}"  {return( ’} ’ ) ;} 

<P>"["  {retum(’ [’) ;} 

<P>"]"  {retum('] ’) ;} 

<P>[  \t]  {;} 

<P>[\n]  {;} 

<P>{IDENT}  { 

data_found  =  naiBe_table  .f  ind(yytext)  ; 

if  (data_found  ==  NULL)  { 
return  LOCAL_VAR_NAME ; 

a{ 

aLOCAL_VAR_NAME.strO  =  new  Str(yytext) ; 

CLBCAL_VAR_NAME .  as_S_exp9  =  new  Application  (new  Str(yytext))  ; 

fi} 


else  { 

int  tok  ==  *data_foimd; 
switch  (tok)  { 
case(SYSTEM^NAME): 
return  SYSTE«_MAME; 

H 

@SYSTEH_NAME.str@  =  new  Str(yytext) ; 
break; 

case(COMPONENT_NAME) ; 
return  COMPONENT.NAME ; 

H 

®C0MP0NENT_NAME. strQ  =  new  Str(yyteit) ; 

0} 

break; 

case(STATE„NAME): 
return  STATE_NAME; 

H 

0STATE_NAME . strfi  =  new  Str(yytext) ; 

eSTATE^NAME . as_S_eipe  =  new  Application (new  Str (yytext)) ; 

0} 

break; 

case(EVENT^NAME) : 
return  EVENT_NAME; 

0{ 

0EVENT_NAME.str0  =  new  Str (yytext); 

0} 

breeik; 

case(OtJT_INTERFACE^NAME) : 
return  OUT^INTERFACE^NAME; 

0{ 

0OUT_INTERFACE_NAME, str0 =  new  Str (yytext ) ; 

0} 

break ; 

case(IN_INTERFACE^NAME) : 
return  IN.INTERFACE^NAME; 

0{ 

0IN_INTERFACE_NAME . str0 =  new  Str (yytext) ; 

0> 

break ; 

case(CONSTANT_NAME) : 
return  CONSTANT^NAME ; 

0{ 

0CONSTANT_RAME.str0  =  new  Str (yytext); 

0CONSTANT_NAME.as_S_exp0  =  new  Application  (new  Str  (yytext)  )  ; 

0} 
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break; 

case(IN_VAR_NAME) : 
return  IN.VAR.NAME; 

«{ 

fiIN_VAR_NAME.str0  =  new  Str(yytext); 

8IN_VAR_NAI1E .  as_S_exp0  =  new  Application  (new  Str(yytext)  )  ; 

«} 

break; 

case(OUT_VAR_NAME) : 
return  OUT_VAR_NAME ; 
fl{ 

eOUT_VAR_NAME.str9  =  new  Str(yytext); 

8OUT_VAR_NAME.as_S_exp0  =  new  ApplicationCnew  Str(yytext)) 

8} 

break; 

caseCFUNCTION.NAME) : 
return  FUNCTIOK.NAME ; 

e{ 

6FUNCTI0N_NAME . str0  =  new  Str(yytext) ; 

8} 

break; 

case(MACRO_NAME) : 
return  MACRO_NAME; 

e{ 

eMACR0_NAME.str8  =  new  Str(yytext) ; 

8} 

break; 

case(TRANSmON_»AME) : 
return  TRANSITION.NAME; 

8{ 

8TRANSITI0N_NAME.str8 =  new  Str(yytext) ; 

8} 

break; 

case(TRANSITIONBUS_NAME) : 
return  TRANSITIONBUS.HAME ; 

8{ 

8TRAKSmOMBUS_NAHE.str0=  new  Str(yytext); 

8} 

break; 
default : 

printf  ("♦**ERROR***  Unrecognized  name  ♦**")  ; 

} 

} 

> 
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<P>{REAL_LIT}  {  return (REAL); 

«{ 

0REAL.val@  = 

new  scaled_  integer  (new  Str(yytext)) 

0} 

} 


<P>### 


{  retum(SECTION_SEPARATOR) ;  } 


Chapter  12 


Auxiliary  C++  code 


12.1  c_style.h 

#ifndef  _c_style„h_ 

#define  _ c_style_h_ 

tfinclude  <stdio.h> 

#include  ’’str.h" 

#include  "state_value .h" 

#include  "s_exp.h" 

^include  "global_table .h" 

#define  Space  (new  Str("  ")) 

#define  LBracket  (new  Str(”[’')) 

#define  RBracket  (new  Str('’]'0) 

tdefine  State  new  Str(*' state") 

#define  Selected  new  Str("selected*') 

#define  Event  new  Str ("event") 

#def  ine  TransEnabled  new  Str("trans_enabled") 

tdefine  PREFIX^LEAVE(str)  str->prepend("leave„") 

#define  PREFIX_ENTER(str)  str->prepend("enter_") 

#define  PREFIX_SETPARENT(str)  str-“>prepend("set_parent_") 
#define  PREFIX_COND(str)  str“>prepend("cond_") 

#define  PREFIX_ENABLED(str)  str->prepend(" enabled^") 
#define  PREFIX_TAKE(str)  str~>prepend("take_") 

#define  PREFIX_ACTION(str)  str->prepend("action_") 

//  Usage  of  the  macros;  Str  ♦strl,  *str2,  and  s  is  a  char*. 
//  C0MP0SE_SEP2( this, that,";  ")  is  "this;  that" 
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#define  C0MP0SE_SEP2(strl ,str2,s)  stri->append(s)->append(str2) 
tdefine  C0MP0SE_SEP3(strl ,str2,str3,s)  \ 

strl->append(s)“>append(str2)->append(s)->append(str3) 

#define  C0MP0SE2(strl ,str2)  C0MP0SE_SEP2(strl ,str2, ;  ") 

#define  C0MP0SE3(strl ,str2.str3)  C0MP0SE„SEP3(strl ,str2 .str3/' ;  ”) 

//  GENERAL  NOTE:  We  take  the  simple  minded  strategy  of  modeling 
//  lines  of  SPIN  code  as  Str’s.  This  leads  to  some  pretty 
//  inefficient  manipulations  (lots  of  making  new  copies  when 
/ /  doing  appends  and  prepends) .  In  the  long  run  it  might  be 
//  better  to  model  SPIN  code  as  S_exp^s. 

Str  *sharp_define(Str  ★symb,  Str  *def ) ; 

//  *'#define  symb  def"  //  notice,  no  concluding 

Str  *half_def  ineCStr  *symb)  ; 

//  ”#define  ♦symb  "  //  notice,  concluding  space 

Str  ♦select 1 (Str  ♦arr,  Str  ♦index); 

//  "arr [index]” 

Str  ♦select2(Str  ♦arr,  Str  ♦indexl,  Str  ♦index2) ; 

/ /  "arr  [indexl]  [index2]  " 

Str  ♦set_true(Str  ♦Ihs) ; 

//  "♦Ihs  =  TRUE" 

Str  ♦set_false(Str  ♦Ihs); 

//  "♦Ihs  =  FALSE" 

Str  ♦declare (Str  ♦typ,  Str  ♦id); 

//  "♦typ  ♦id;" 

//  Assinaes  that  i  >==  0 

char  ♦decimal_string(int  i)  ; 

//  Expected  arguments  Str  ♦symb,  int  code  (and  int  >-  0) 

//  Returns  "#define  ♦symb  code" 

#define  def ine_ int _code (symb, code)  \ 

sharp_def ine(symb,  new  Str(decimal_string(code))) 

void  print^spin^code(char  ♦module_name,  Str  ♦c,  FILE  ♦! )  ; 
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static  Str  *pref ix_leave(Str  *s)  ; 
static  Str  *pref  ix_enter(Str  *s)  ; 
static  Str  *set_action(Str  *s)  ; 

void  print^leave_definition(Str  *parent,  StrList  *children,  FILE  )  ; 

void  print_set_parent(Str  *child,  Str  *parent,  FILE  )  ; 

void  print_enter_atomic(Str  *name,  FILE  *f); 

//  ”#define  enter_naine  set.parent^name ;  state  [name]  =TRUE" 


void  print.enter_or(Str  *name,  Str  *default .child,  FILE  *f); 

//  "#define  enter.name  set .parent .name;  state [name] =TRUE; 

/ /  enter.default. child” 

void  print.enter.andCStr  *name,  StateValueList  ♦children,  FILE  ♦! )  ; 
//  tdefine  enter.name  se t. parent .name ;  state [name] =TRUE; 

/ /  enter.childrenl ;  enter.children2 ;  ..." 


//  Str  ♦declare.struct (Str  ♦name,  StrList  ♦parts); 

//  ”t3rpedef  ♦name  {  ...  parts  ...};”  //  separator  is  ”\n\t” 


void  print.transition.def  (Str  ♦trans.name, 

Str  ♦t rigger. name , 

S.exp  ♦fml, 

StrList  ♦actions, 

Str  ♦to.name, 

Str  ♦from.name, 

Str  ♦leaves.name , 

FILE  ♦!); 

//  IMPORTANT:  Right  now,  the  condition  is  dummied  out  as 
If  "TRUE" 

//  IMPORTANT:  If  the  trigger.name  is  the  null  event,  or 
//  the  dummy  event  we  currently  treat  the  conjunct 

//  event  [trigger.name]  as  TRUE.  And  in  the  definition  of 
//  action.trans.name  we  omit  "event  [trigger.name]  =FALSE; " 

//  #define  cond. trans.name  fml  <as  str,  not  s.exp> 

//  #define  enabled,  trans.name  state  [from.name]  ft& 

/ /  event [trigger.name]  ft& 
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*  f  cond_trans_naine 

//  #define  take_trans_name  selected  [trans,name]=FALSE; 

//  leave_leaves_naine ;  enter_to_name; 

//  #define  act  ion_traiis .name  event  [trigger .name]  =FALSE; 

/ /  event  [act  ion  1]  =TRUE ; 

/ /  event [act ion2] =TRUE ;  . . . 

//  NOTE:  The  next  three  functions  refer  to  the  extern 
//  global  variable  glob,  of  type  global.table. 

static  void  compat.component  (int  i,  int  j,  int  k,  FILE  *f ) ; 

//  "compat[i  ★  transit ion.count  +j]  ~  k\n'’ 

void  spin.initialize.compatCglobal.tableg,  FILE  *f); 

//  for  all  i,  generate 
//  '‘compat[i]  =  \n" 

/ /  Auxiliaries  for  spin.receive. inputs 

static  Str*  set.event  (Str  *e.name) ; 
static  Str*  set.in.variable  (Str  *v_name)  ; 

void  spin.receive.inputsCStr  winter  face  .name, 

StrList  *in.var.list , 

S.exp  *select.cond, 

StrList  *actions, 

FILE  *f ) ; 

//  NOTE:  for  now,  'select.cond’  is  dummied  to  TRUE 
//  «receive  inputs»= 

//  ::  input .  int  erf  ace.name  &&  ’select.cond’  -> 


// 

event [actionl] 

=  TRUE; 

// 

event  [action2] 

=  TRUE; 

// 

. . . 

// 

in.var.listl  - 

input . in.var.listl ; 

// 

in_var.list2  = 

input . in_var.list2 ; 

// 

. . . 

void  spin.set.arrayCchar  *name,  char  *length,  char  ♦value,  FILE  ♦!) 
//  NOTE:  This  does  not  automatically  deposit  these  in  a 
//  noweb  module. 

//  i  =  0; 

//  do 

//  ::  i  <  length  ->  name [i]  =value ;  i++ 

//  ::  else  ->  break; 
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//  od; 


#endif 


12.2  c_style.cc 

#include  <stdlib.h> 

#include  *‘c_style.h'’ 

#include  *‘strlist_utilities  .h" 

#include  " st at e_ value _ut il it ies . h" 

extern  global_table  glob; 

#define  DUMMY  new  StrC’TRUE”) 

Str  ♦sharp_def  ine(Str  ♦symb,  Str  *def){ 
return  (new  Str("#define  "))-> 

append (symb) ->append (Space) ->append (def ) ; 

}; 

str  *half  _def  ine(Str  *symb){ 
return  (new  Str("#define  "))-> 
append (symb) ->append (Space) ; 

}; 

Str  ♦select 1 (Str  ♦arr,  Str  ♦index) { 
return  arr-> 

append (LBracket)“>append( index) ”>append(RBracket) ; 

}; 

Str  ♦select 2 (Str  ♦arr,  Str  ♦indexl,  Str  ♦index2){ 
return  arr-“> 

append (LBracket)->append(  index l)->append(RBracket)-> 
append  (LBracket)-'> append  (index2)->append(RBracket)  ; 

}; 

Str  ♦set_true(Str  ♦Ihs)! 

return  Ihs -> append ("=TRUE'0  ; 

}; 

Str  ♦set^f  alse(Str  ♦lhs){ 
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return  lhs->append("=FALSE") ; 

>; 


Str  *declare(Str  *typ,  Str  *id){ 

return  typ->append (Space )->append( id) ; 

>; 


char  *decimal_string(int  i){ 

char  *s; 

int  n  =  1; 

int  ten_to_n  =  10; 

while  (  i  /  ten_to_n  !=  0  ) 

{  n++; 

ten.to^n  =  ten_to,n  *  10; 

} 


if  (  i  <  0  ) 

{  s  =  (char  ♦)malloc(n+2) ;  } 
else 

{  s  =  (char  *)malloc(n+l) ;  } 
sprintf(s,  '‘%d",  i) ; 
retTirn  s; 


//  NOTE:  If  this  stuff  gets  moved  into  a  ".nw’’  file,  all 
//  the  "«"  and  "»*‘  will  have  to  be  escaped  with  "C". 

void  print^spin^code(char  *module_name,  Str  *c,  FILE  *f){ 
f printf  (f ,  '’\n«y,s»=\n'‘ ,  module^name)  ; 
c->print(f ) ; 


}; 


str  *pref  ix_leave(Str  *s){ 
return  PREFIX^LEAVE(s) ; 

}; 

str  *prefix_ enter  (str  ♦s)! 
return  PREFIX_ENTER(s) ; 

}; 


void  print„leave_definition(Str  ♦parent,  Striist  ♦children,  FILE  ♦f){ 
//  ♦prefix  gives  "#define  leave.parent  state [parent] =FALSE” 
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Str  ♦prefix  =  shaxp_define(prefix_leave (parent ) , 
set.f alse (select  1 (State , parent) ) ) ; 

//  If  ♦children  is  (A,  B,  C)  ,  then  ♦rest  is 
//  (leave_A,  leave_B,  leave_C) . 

StrList  ♦rest  =  pointwise (children,  pref ix^leave) ; 

fprintf  (f ,  "\ii<<def  ine  leave  actions»=\n")  ; 

(new  StrList (prefix,  rest) )->print (f ,  ")  ; 


}; 


void  print_set_parent (Str  ♦child,  Str  ♦parent,  FILE  ♦!){ 

Str  ♦symbol  =  PREFIX.SETPARENT  (child)  ; 

Str  ♦def^as; 

if  (  parent”>equals(new  Str("”))  ) 

{  def_as  =  set^true (select l(St ate, child)) ;  } 
else 

{  def_as  =  C0MP0SE2(set_true(selectl(State,parent)) , 
PREFIX^SETPARENT (parent)) ; 

} 

print_spin_code ("define  set  parent", 

sharp_def ine (symbol ,  def _as) , 

f); 


>; 


void  print_enter„atomic (Str  ♦name,  FILE  ♦!){ 

Str  ♦def^as  =  C0MP0SE2(PREFIX^SETPARENT(name)  , 
set _true (select 1 (State, name))) ; 

print_spin_code( "define  enter  actions"  , 
sharp_def  ine  (prefix,  enter  (neune)  ,  def.as)  , 

f); 


>; 


void  print.enter.or (Str  ♦name,  Str  ♦default .child,  FILE  ♦!){ 
Str  ♦def.as  = 
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COMPOSES (PREFIX^SETPARENT (name) , 
set _true (select 1( St ate, name)) , 
pref ix_enter(default_child)) ; 


print_spin_  code  (“define  enter  actions*’, 
sharp_def  ine(pref  ix_enter(name)  ,  def_as)  , 
f); 


}; 


void  print_€nter_and(Str  ♦name,  StateValueList  *children,  FILE  *f){ 
if  #define  enter .name  set.parent.name ;  state [name] =TRUE; 

//  enter.childrenl ;  enter.children2; 


//  ♦prefix  gives 

//  ''#define  enter  .name  set.parent.name ;  state  [name] -TRUE*’ 

Str  ♦def .prefix  = 

C0MP0SE2(PREFIX.SETPARENT(name) , 
set.true (select 1 (State, name))) ; 


Str  ♦prefix  =  sharp.def ine(prefix.ent er (name) , def .prefix) ; 

StrList  ♦rest  =  pointwise (StateValListToStrList (children) , 
prefix. enter) ; 

fprintf  (f  ,'’\n«define  enter  actions»=\n")  ; 

(new  StrList  (prefix,  rest))->print  (f ,  *’)  ; 


}; 


static  Str  ♦set.action(Str  ♦s)! 
return  set.true (select 1 (Event ,s) ) ; 

}; 


void  print.transition.def  (Str  ♦trans.name, 
Str  ♦trigger.name , 

S.exp  ♦fml, 

StrList  ♦actions, 

Str  ♦to.ncime, 

Str  ♦from.name, 

Str  ♦leaves.name , 

FILE  ♦!){ 
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//  #define  cond_trans_nanie  fml  <as  str,  not  s_exp> 


print_spin_code( "define  transitions" , 
sharp^def  ine(PREFIX„COWD(trans_name)  ,  DUMMY)  , 
f); 

//  #define  enable d_trans_name  state  [from_name]  &fe 
//  event [trigger _name]  && 

//  cond_trans_name 

//  unless,  trigger ^naine  is  ""  or  "?" 

Str  ♦do_this; 

if  (  trigger_naLme->equals(NullEventName)  I  I 
trigger_name->equals (DummyE vent Name) ) 

{  do^this  s=  C0MP0SE_SEP2 (select  1  (State, from_name)  , 
PREFIX_COND(trans_name) , 

"  &&  "); 

} 

else 

{  do_this  =  C0MP0SE_SEP3(selectl(State,from_name) , 
select 1 (Event ,trigger_name) , 

PREFIX_COND(trans_name) , 

"  &&  "); 

> 

print_spin_code( "define  transitions" , 
sharp_def  ine  (PREFIX^ENABLED  (trans^name)  , 
do_this) , 

f); 

//  #define  take_trans_name  selected [trans_name]=FALSE; 

//  leave_leaves_name ;  enter_to_name 

print_spin_code( "define  transitions" , 
sharp^def  ine  (PREFIX_TAKE(trans_naine) , 

COMPOSES (set_f alse (select 1 (Selected, 
trans_name)  )  , 

PREFIX_LEAVE(leaves_name)  , 

PREFIX_ENTER(to_name) ) 

), 

f); 

//  #define  action_trans_ncune  event  [trigger _name]  =FALSE ; 

//  event [act ionl]=TRUE; 

//  event  [act  ion2]=TRUE;  ... 

// 
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print_spin_code ("define  transitions" , 
half _def  ine (PREFIX.ACTION (trans^name) ) , 
f); 

StrList  *do_this2  -  pointwise (actions ,set_act ion) ; 

if  (  !  trigger_name->equals(NullEventName)  && 

!  trigger_naDie-“>equals(DiiinmyEventName)  ) 

{  do_this2  =  new  StrList (set.false (select 1 (Event .trigger .name) ) , 
pointwise (actions, set.action) ) ;  } 
else 

{  do.this2  =  point wise (act ions, set.act ion) ;  } 

if  (  do.this2  ==  NULL  ) 

{  return;  } 
else 

i  do.this2“>print(f ,  ";  ");  } 


}; 


//  This  prints  "compatible(i, j)  =  TRUE"  if  transition  i 
//  is  compatible  with  transition  j,  and  is  otherwise  a  no-op. 

static  void  compat_component(int  i,  int  j,  int  k,  FILE  *f){ 

if  (k  ==  1) 

fprintf(f,  "\tcompatibleC/,d,7.d)  =  TRUE;\n",  i,  j); 

}; 


void  spin.initialize_compat(global_table  g,  FILE  *f){ 
fprintf (f , "d.stepIXn") ; 
g. do .to.compatible(compat. component ,f ) ; 
fprintf (f,"}\n") ; 

}; 


//  Return  "event [e.name]=TRUE" 

static  Str*  set. event (Str  *e.name){ 

return  set.true (select 1 (Event ,e  name)); 

>; 

//  Return  "v.name  =  input  .v.name" 
static  Str*  set.in_variable(Str  *v_name){ 
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return  v_ncuae->append(“  =  input .  ")“>append(v_name)  ; 

}; 


void  spin_receive_inputs(Str  *interf  ace_name , 

StrList  *in„var_list , 

S„eip  *select_cond, 

StrList  *actions, 

FILE  ♦!){ 

StrList  *event_assigs  =  po intwise (act ions, set.event) ; 

StrList  *vbl_assigs  =  point¥ise(in_var_list ,s€t_in_variable) ; 

fprintf  (f  ,"\n«receive  inputs»=\n'0  ; 
f  printf  (f ,  :  input . "  )  ; 

interf  ace  .name-*  >print(f)  ; 
fprintf (f , "  ftft  TRUE  ->\n» ) ; 
if  (  event_assigs  !==  NULL  ) 

i  event_assigs->print(f ");  fprintf  (f,’‘;\n")  ;  } 
if  (  vbl.assigs  !=  NULL  ) 

{  vbl_assigs“>print(f ;  fprintf  (f,*’ ;\n")  ;  } 
if  (  vbl_assigs  ==  NULL  &&  event _assigs  ==  NULL  ) 

{  fprintf  (f , "skip; \n'’)  ;  } 


void  spin_set_arr  ay  (char  ♦name,  char  ♦length,  char  ♦value,  FILE  ♦!){ 

fprintf  (f,"i  =  0;\ndo\n\t;:  i  <  %s  ~>  %s[i]=%s;  i++\n\t\ 

::  else  ->  break;\nod;\n" , length, name, value ) ; 


}; 


12.3  conditions. h 


#ifndef  _ conditions_h_ 

#define  _ conditions_h_  1 

#include  "s.exp.h" 

#include  "simple_list .h" 

enum  TruthValue  {  tv_false,  tv^true,  tv_dont_care  }; 
typedef  SimpleList<TruthValue>  TruthValueList ; 
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//  If  pred  is  P  and  tv.list  is  "TF.FFT.",  this  returns  a  pointer 
//  to  (P,  not  P,  true,  not  P,  not  P,  P,  true). 

S_exp_list  ♦formula^row(S_e3cp  *pred,  TruthValueList  *tv_list)  ; 

#endif 


12.4  conditions. cc 


#include  "conditions.h” 

S^exp^list  *f onnula_row(S_exp  *pred,  TruthValueList  ♦tv_list){ 
if  (tv^list  ==  NULL) 

{  return  new  S^exp.list;  } 
else 

{  switch  (tv_list->head())  { 
case  tv_false: 

return  new  S^exp.list (pred->Not () , 
formuia_row(pred,  tv_list->tail())) ; 
case  tv_true: 

return  new  S_exp_list (pred, 
formula_row(pred,  tv_list->tail())) ; 
case  tv_dont_care: 

return  new  S_eip_list (true_S_ptr, 
formula_row(pred,  tv_list''>tail()))  ; 

} 

} 

}; 


12.5  configuration.h 

#ifndef _ conf  iguration^h _ 

tdefine _ configuration.h _ 1 

//  This  is  a  temporary  kludge 

#define  MAX.SPEC. NAMES  1000 
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//  All-piurpose  kludge 
#define  DummyType  int 
#endif 


12.6  event_value.h 


#ifndef  _ €vent_value_h_ 

#define  _ event_value_h_  1 

#include  "simple^list .h" 

#include  '‘str.h” 

#include  ”generated_C_macros .h” 

//  Presumably,  the  kind  of  an  event  —  whether  it’s  associated  with  a 
//  state,  a  variable,  or  an  interface,  will  ultimately  be  included  in 
//  the  private  data  of  ein  event _value. 

//  The  constructor  event_value(Str*,  knd))  may  be  a  mistake,  as  it  permits 
//  someone  to  supply  a  MULL  pointer,  and  therefore  ruins  the 
//  potentially  desirable  representation  invariant  of  never  having  a 
//  null  pointer  "inside". 

enum  event _kind  {  StateEvent,  VariableEvent ,  Int erf aceE vent  }; 

class  event_value  { 
public : 

event_value()  {st  =  NullEventName ;  knd  =  StateEvent;  }; 
event_value(Str  *s,  event _kind  k)  {st  «  s;  knd  -  k;  }; 

Str  *str()  {return  st;}; 
event^kind  kindO  {return  knd;}; 

int  oper  at  or ==(  events  value  s){ 
if  (st  !=  NULL  ft&  s.st  !=  NULL) 

{return  st“>equals(s. st)  ftft  knd  ==  s.knd;  } 
else 

{return  (st  ==  NULL)  &&  (s.st  ==  NULL);} 

}; 


void  print  (FILE  ♦!)  ; 
private: 
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Str  *st; 
event^kind  knd; 

}; 

typedef  SimpleList<event_value>  EventValueList ; 
#define  EmptyEventValueList  (EventValueList  ♦)0 
#endif 


12.7  event  _value.cc 


#include  ’’event^value.h" 

void  event_value: : print (FILE  *f){ 

fprintf(f,  ’’events value:  str  =  kind  =  y.dXn" ,st->str ,knd)  ; 


}; 


12.8  event -Value -utilities.h 


#ifndef _ event_value_utilities_h_ 

#def ine  event _ value _utilities_h_  1 


tinclude  " event _ value. h" 

#include  "str.h" 

//  The  state  events  go  into  the  StrList. 

StrList  *StateEventsToStrList  (EventValueList  *val_list)  ; 
void  print  ^EventValueList  (EventValueList  *evl)  ; 

#endif 


12.9  event_value_utilities.cc 


tinclude  <stdio.h> 
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#include  "event_value_utilities .h” 

StrList  *StateEventsToStrList  (EventValueList  *Tal_list)  { 

StrList  *e_list  =  EmptyStrList ; 

EventValueList  *iter  =  val_list; 

while  (iter  !=  NULL){ 

if  (iter“>head() .kindO  ==  StateEvent) 

{  e_list  =  new  StrList  (iter">head()  .strO  ,  enlist)  ;  } 
iter  =  iter”>tail() ; 

} 

return  enlist; 

}; 


void  print  .EventValueList  (EventValueList  ♦evDi 

while  (evl  !=  NULL)  { 

evl->head() .print (stdout) ; 
evl  =  evl->tail(); 

} 


}; 


12.10  eves2jstate.h 


#ifndef _ eves2_state.h. 

#define _ eves2_state_h. 


class  eves2.state  { 
public : 

eves2_state()  {  call.number  =0;  }; 

//  Successive  calls  of  suffix  return  ” _ 1”,  " _ 2",  " _ 3",  etc. 

chatr  ♦suff  ix()  ; 
private : 
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int  call^number ; 


}; 


#endif 


12.11  eves2jstate.cc 


#include  **eves2_state.h*’ 

#include  "misc_utilities.h" 
char  *eves2_state: : suffix (){ 

return  decorateC* _ "  ,++call_number)  ; 

}; 


12.12  formula_table.h 


#ifndef _ fonnula_table_h _ 

#define  f ormula_table_h 1 

/*  Hacked  up  quickie.  (See  also  name^table.h)  */ 

#include  "conf iguration.h" 

#include  "s_exp.h" 

# include  "list.h" 

#include  ’’event^value.h" 

/♦  The  only  good  thing  about  this  is  the  provision  of  a  */ 

/♦  "do-it-to~the-¥hole~t able"  method.  */ 

class  formula^table  { 

public: 

//  Make  a  f ormula^table  with  the  given  keys,  and  all  associated 
//  formulas  initially  equal  to  ♦fml.  If  the  length  of  *keys  is 
//  greater  than  MAX_SPEC_NAMES  only  the  first  MAX.SPEC^NAMES  will  be 
//  entered  as  keys. 


formula_table(StrList  ♦keys,  S.exp  ♦! ml)  ; 
int  sizeO  {  return  top;  }; 
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//  Retirrn  a  pointer  to  the  formula  pointed  to  by  *key  (the  very  same 
//  pointer  that^s  in  the  table,  so  there ^s  sharing  here  —  which 
//  does  not  at  the  moment  seem  like  a  problem).  If  none,  return 
//  NULL. 

S_exp  *f ind(Str  *key) ; 

//  Replace  the  entry  for  *key  with  *fml,  if  there  is  an  entry,  and 
//  return  0.  If  there  is  no  entry  for  *key  return  1. 

int  update (Str  *key,  S_exp  *fml) ; 

//  IMPORTANT:  Assumes  that  ‘this’  and  stable  were  made  from  the  same  keys 
//  arranged  in  the  same  sequence. 

//  Modifies  ‘this’  by  disjoining  to  its  formulas,  pointwise,  those 
//of  *table. 

//  The  only  protection  is  that  if  the  two  tables  are  of  different 
//  length  it  won’t  run  off  the  end  of  either  of  them. 

void  disjoinCf ormula.table  stable); 

//  This  runs  through  the  entire  table  and  applies  the  operation  entry_op 
//to  each  (key,  formula)  pair. 

void  do_it(void  (*entry_op) (Str*,  S_exp*)); 

void  display (FILE  *f )  ; 

private : 

typedef  struct  entry  {  Str  *key;  S.exp  *fml;  }  ENTRY; 

//We  can’t  use  any  of  the  list  templates  we  have,  because  they  all 
//  require  that  the  element  type  have  a  ==  operator. 

ENTRY  stuff [MAX_SPEC_NAMES] ; 
int  top; 


}; 


#define  EmptyFormulaTable  f ormul actable  (EmptyStrList,  (S_exp  *)0); 
#endif 
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12.13  formula_table.cc 


#iiiclude  "f ormula_ table. h" 
tfinclude  <stdio.h> 

#include  <string.h> 

//  Silly,  since  we’re  running  through  the  keys  twice  —  once  to  count 
//  them  and  once  to  insert  them  into  the  table.  But  the  whole  thing 
//  is  so  klutzy,  who  cares? 

f ormula_table : : f ormula_table (StrList  *keys ,  S_exp  ml) { 

if  (keys  —  NULL)  { 
top  =  0; 

} 

else  { 

top  =  (keys“>len()  >  MAX.SPEC_NAMES)?  MAX.SPEC^NAMES  :  keys->len()  ; 

} 

for  (int  i  =  0;  i  <  top  ;  i++)  { 
stuff[i].key  =  keys*~>hd; 
keys  =  keys~>tl; 
stuff [i] . f ml  =  f  ml ; 

} 

>; 


S_exp  *formula_table:  :find(Str  *key){ 
if  (key  ==  NULL)  {return  NULL;} 
for  (int  i  =  0;  i  <  top  ;  i++)  { 

if  (  stuff [i]. key  ==  NULL  )  {  printf (“NULL  key  in  table\n'’);  return  NULL;  } 
if  (  stuff [i] . key~>equals (key)  ) 

{return  stuff [i] . f ml ; > 

} 

return  NULL; 


int  formula_ table update (Str  *key,  S_exp  *fml){ 
if  (key  ==  NULL)  {return  NULL;} 
for  (int  i  =  0;  i  <  top  ;  i++)  { 

if  (  stuff  [il.  key  =  NULL  )  {  printfC'NULL  key  in  tableXn")  ;  return  NULL;  } 
if  (  stuff [i] . key”>equals (key)  )  { 
stuff  [i]  .  f ml  =  f ml ; 
retiim  0;} 

} 
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return  1; 

}; 


void  formul actable;  :disjoin(formula_table stable) { 
if  (  table  ==  NULL  )  {  return;  } 

for  (int  i  =  0;  (i  <  top  &&  i  <  (*table) .top) ;  i++){ 

stuf f  [i]  . f ml  =  stuff  [i]  .fml*“>0r((*table)  .stuff  [i]  .f ml)  ; 

} 

}; 


void  formula_table: : display (FILE  *f){ 
printf  ('’♦**♦*♦*  Table  value  ; 

for  (int  i  =  0;  i  <  top;  i++)  { 

if  (stuff  [i]  .  key  ==  NULL)  { 

printf  (’’Printing  null  key.  Value  of  i  is  yCd\n",i); 
continue ; 

} 

printfC’Key:  7,s\n"  ,  stuff  [i]  .key~>str)  ; 
pr intf ( "Formula :  "  )  ; 
stuff [i] .fml->print(f ) ; 
printf ("Xn"); 

} 

}; 


void  formula_table:  ;do_it(void  (*entry_op)  (Str*,  S_exp*)){ 
for  (int  i  =  0;  i  <  top;  i++)  { 

entry_op (stuff  [i]  .key,  stuff  [i]  .fml)  ; 

} 


}; 


12.14  formula_table_utilities.h 


#ifndef  f ormula_table_utilities_h_ 

#def ine f ormula_table_utilities_h_  1 

#include  *'f ormula^table.h" 

#include  " events value .h" 

//  This  should  perhaps  be  #defineM  instead.  It  returns  ftab_ptr, 

//  after  having  a  side  effect  on  *ftab_ptr,  updating  the  event. strO 
//  slot  of  the  table  by  disjoining  *fml_ptr  to  it. 

formula_table  *DisjoinToETests(Str  *key,  S_exp  ♦fml_ptr, 
f ormula^table  *f tab_ptr) ; 
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#endif 


12.15  formula_table_utilities.cc 


#include  ormula_table_utilities .h" 

formula^ table  *DisjoiiiToETests(Str  *key,  S_exp  *fml_ptr, 
formula_table  ♦ftab_ptr){ 
f tab_ptr->update (key , 
ftab_ptr->f ind(key)~>Or(fml.ptr)) ; 
return  ftab.ptr; 

}; 


12.16  function_definition.h 

#ifndef _ fttnction_def  inition_h_ 

#define _ function^def  inition_h_  1 

#iiiclude  <stdio.h> 

#iiiclude  '‘s_exp.h" 

#include  "str.h" 

#include  ”simple_list .h” 

class  rsMl_case  { 

public : 

rsml_case(S_exp  *c,  S_exp  *v)  {condit  =  c;  val  =  v;  }; 

S_exp  *condition()  {  return  condit;  }; 

S_exp  rvalue ()  {  return  val;  }; 

//  Phoney  ops  included  so  that  we  can  use  the  List  template, 

int  equals (rsml_case  ♦c2)  { 
printf  (''♦***D0N^T  CALL  equals  ON  rsml.case****") ; 
return  0; 

}; 


void  print  (FILE  *f)  { 
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printf  ('’****DOW’T  CALL  print  ON  rsml.  case  **♦*") j 

}; 


private: 

S_exp  *condit; 
S_exp  *val; 

}; 


typedef  List<rsml_case>  CaseList; 

#define  EmptyCaseList  (CaseList  ♦)0 

class  function^def  inition  { 

public: 

function.def inition(Str  *n,  S_exp_list  CaseList  ♦€){ 
nm  =  n; 
vbls  =  v; 
c_list  =  c; 

}; 


Str  *nam€() ; 

S_exp_list  *variables()  ; 

CaseList  *case_list () ; 

void  printCFILE  *1)  {  printf  ('‘♦^♦**DUMMY*****")  ;  }; 

private: 

Str  *Tm; 

S_exp_list  *vbls; 

CaseList  *c  list; 

>; 


#endif 
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12.17  function_definition.cc 


#include  "ftmction.def inition.h" 

Str  * f tine tion^definit ion: ; name 0  {  return  nm;  }; 

S_exp_list  *function_def  inition: :  VciriablesO  {  return  vbls;  }; 
CaseList  *function_definition: :case_list ()  {  return  c_list;  }; 


12.18  funct  ion_definit  ion_ut  ilit  ies .  h 


#include  "function_def inition.h" 

S_exp_list  *condition_list (CaseList  *c_list)  ; 

//  If  c  is  the  case  (b,  e)  ,  then  this  returns  a  pointer 
//  to  (IMPLIES  b  (=  t  e)).  This,  after  all,  is  how  the 
//  cases  are  used. 

S_exp  *as_S_exp(rsml_case  ♦c,  S.exp  *t)  ; 

S^exp^list  *as_S_exp_list  (CaseList  *c_list,  S_exp  ♦t)  ; 


12.19  funct  ion_definit  ion_ut  ilit  ies  .cc 

#include  "function^def  inition_ut  ilit  ies  .h" 

S_exp_list  *condition_list (CaseList  *c_list){ 

if  (enlist  ==  NULL) 

{  return  new  S_exp_list  ;  } 

S^exp  *tmp  =  c_list'->hd-“>condition() ; 
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if  (c_list“>tl  ==  NULL) 

{  return  new  S_erp_list (tmp)  ;  } 
return  new  S_exp_list (tmp, 
condition_list (c_list“>tl) ) ; 


S_exp  *as_S_exp(rsml_case  *c,  S_exp  *t){ 
return 

new  Application  (new  Str  ("  IMPLIES  ")  , 
Doublet on (c->condit ion 0 , 

new  Application  (new  Str("=*‘)  , 
Doubleton (t ,C“>value()) ) ) ) ; 

}; 


S_exp_list  *as_S_exp_list (CaseList  ♦enlist,  S_exp  *t){ 

if  (enlist  ==  NULL) 

{  return  new  S_exp_list  ;  } 

rsml_case  *tmp  =  c_list->hd; 

if  (c_list-‘>tl  ==  NULL) 

{  return  new  S_exp_list(as_S_exp(tmp,t))  ;  } 
return  new  S_exp_list (as_S_exp(tmp,t) , 
as_S_exp_lisr(c_list->tl,t)) ; 

}; 


12.20  globaLtable.h 

#ifndef  _ global_table_h_ 

tdefine  _ global_table_h_  1 

#include  <stdio.h> 

#include  " st at e_ value  .h'‘ 

#include  '* trans it ion_ value  .h** 

//  For  now,  these  are  the  only  things  I  need  to  keep  track  of  are: 

//  the  correspondence  between  state  valuess  and  their  integer  codes; 

//  the  correspondence  between  transition  values  and  their  integer  codes; 
//  the  tables  coding  leq  (among  states),  parallel  (among  states), 

//  and  compatible  (among  transitions), 

//  1^11  add  member  functions  as  I  need  them. 
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class  global_table  { 
public : 


global.tableO  {  state_codes  =  (state_value  ♦*)0; 
transit ion_codes  =  (transit ion_ value  **)0; 
child_of  =  leq  =  compatible  =  (int  **)0; 
num_ states  =  num.transitions  = 
num_ events  =  0; 

}; 


//  Stuff  to  do  with  states 

//  Allocates  state.codes  (uninitialized), 

//  child^of ,  leq  (initialized  to  O’s) 

void  allocate_states(int  size); 

int  number_of_states()  {  return  num^states;  }; 
void  display_state_codes(FILE  ’►f )  ; 

state_value  ♦state_at(int  c)  //  assumes  c  <  num_states 
{  return  state_codesCc] ;  }; 

int  code_of_state(Str  *3) ;  //  returns  -1  if  s  can’t  be 

//  found  in  state^codes 

//  Has  side  effect  on  ♦this.  Assumes  code  of  state  value  <  num_states, 
//  Returns  dummy  value  of  0,  always.  Puts  state_value  with  code 
//  n  in  slot  n  of  state_codes. 

int  set_state_code(state_ value  *val)  ; 

if  Assumes  codel,  code2  <  num.states;  leq  is  complete.  Returns 
//  code  of  the  sup  in  the  state  hierarchy. 

int  sup (int  codel,  int  code2) ; 

//  Assiimes  codel,  code2  <  num„states  (could  get  into  an  infinite 
//  loop  otherwise);  leq  is  complete.  Returns  code  of  the  state 
//  that  an  arrow  from  code_from  to  code_to  actually  leaves. 

int  leaves(int  code^from,  int  code_to) ; 

/ /  if.if.if.if.if.-if.if.  Stuff  to  do  with  the  state  hierarchy 

//  Has  side  effect  on  *this.  Assumes  parent_code  <  num_states,  as 
//  are  codes  of  all  state  values  in  *  child,  values .  For  each  code  i  in 
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//  *child_values ,  sets  child_of  [i, parent _code]  =  1. 

int  set^child.of  (StateValueList  *child^values,  int  parent _code )  ; 
void  display^child^of  (FILE  *f)  ; 

//  Assumes  child_of  is  complete.  Completes  leq  the 

//  reflexive,  transitive  closure  of  child^of  (via  Warshall’s  algorithm.) 

int  set_leq() ; 

void  display_leq(FILE  *f )  ; 

if  Assumes  codel,  code2  <  num^states;  leq  complete. 

int  parallel (int  codel,  int  code2) ; 

//  :|c**j(c4c**4:**  Stuff  to  do  with  transitious 

//  Allocates  transit ion_codes ,  compatible  (uninitialized) 

void  allocate_transitions(int  size); 

int  number _of_trans  it  ions  0  {  return  num_transitions;  }; 

int  set_transition_code(transition_value*val)  ; 

//  Assumes  leq  *and*  transition_codes  are  *both*  complete,  and 
//  that  compatible  has  been  allocated  and  initialized  to  O's.  Effect 
//  is  to  complete  ’’compatible";  i.e.,  compatible [i]  Cj]  ==  1  iff 
//  transitions  i  and  j  are  compatible. 

int  set^compatibleO  ; 

void  display_transition_codes(FILE  *f  )  ; 
void  display_compatible(FILE  *f )  ; 

//  Do  entry. op  for  each  i,  j,  k  such  that  compat [i]  [j]==k 

void  do_t  o. compat  ible(  void  (♦entry.op)  (int ,  int,  int,  FILE*), 

FILE  *f ) ; 

//  stuff  to  do  with  events 

void  set  .event  .count  (int  size)  {  num.events  =  size;  }; 
int  number.of.eventsO  {  return  num.events;  }; 

f  J  DUIOmy 

int  dvumydnt  i)  {  state_codes[i]->print(stdout)  ;  return  0;  }; 
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private : 


//  Rep  invariant: 

//  state^codes  has  size  num^state 

//  transit ion_ codes  has  size  num_transitions 

//  child_of  is  nujn_state  square 

/ /  leq  is  num^state  square 

//  compatible  is  nxim.  transit  ions  square 

//We  may  not  really  need  to  keep  the  integer  values  explicitly, 
//  since  they  can  be  read  off  the  global  rsml^state. 

int  num_states; 
int  num_ transit ions; 
int  num_e vents; 

state_value  ♦♦state^codes; 

trans it ion_ value  **trctnsition_codes ; 

int  **child_of; 

int  **leq; 

int  **compatible; 

}; 


// 


#endif 


12.21  global_table.cc 


#include  "global_table.h'’ 
#include  “combinatorics.h'* 


#define  TwoDArray(arr ,  typ)  \ 

{  int  counter,  inner;  \ 

arr  =  (typ  **)malloc(size  ♦  sizeof (typ*) ) ;  \ 

for  (counter  =  0;  counter  <  size;  counter++)  \ 

■C  arrCcounter]  =  (typ  *)malloc(size  *  sizeof  (typ))  ;  }  \ 
for  (counter  =  0;  counter  <  size;  counter++)  \ 
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} 


{  for  (inner  =  0;  inner  <  size;  inner++) 
arr [counter]  [inner]  =  0;  } 


#define  OneDArrayCarr ,  typ)  \ 

arr  =  (typ  ♦)inalloc(size  *  sizeof  (typ)) 


\ 

\ 


//  Allocates  state_codes  (iminitialized)  , 

//  child_of,  leq  (initialized  to  O’s) 

void  global^table: :allocate_states(int  size){ 

nuiii_states  =  size; 

OneDArr ay (st at encodes,  state_value*) ; 
TwoDArray(child_of ,  int)  ; 

TwoDArraydeq,  int); 


}; 


//  Allocates  transit ion.codes ,  compatible  (uninitialized) 
void  global^table : : allocate_transitions (int  size) { 
num.transitions  =  size; 

OneDArray(transition_codes,  transition. value*)  ; 
TwoDArray (compatible ,  int); 

}; 


int  global_table : :set.state_code(state_value*val)l 

state_codes[val->code()]  =  val; 
return  0; 

}; 


void  global.table : :display_state_codes(FILE*f ){ 
for  (int  i  =  0;  i  <  num.states;  i++) 

stat encodes [i] ~>print (f ) ; 
fprintf (f ,"\n") ; 

} 

>; 
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int  global^table; :set_child_of(StateValueList ♦child. values, 
int  parent.code){ 

StateValueList  ♦iter  =  child. values ; 

/♦  Diagnostics. 

printf  ("Input  parent. code  =  Xd\n"  ,parent.code)  ; 
printf  ("Input  child. values  =  ")  ; 
while  (  iter  !=  NULL  ) 

{  it er“>head() .print (stdout) ; 
print! ("  ") ; 
iter  =  iter~>tail() ; 

} 

print! ("\n") ; 

♦/ 

while  (  child.values  !=  NULL  ) 

{  child.o![child.values->head() .codeO] [parent.code]=  1; 
child.values  =  child.values-->tail() ; 

> 


void  global.table :  :  display.child.o!  (FILE  ♦!)  { 
!or  (int  row  =  0;  row  <  n\ain. states;  row++) 

{  state.codes  [row]  *“>str  ()“>print  (!)  ; 
!print!(f  , "  <  :  ")  ; 

tor  (int  col  =  0;  col  <  num.states;  col++) 
{  i!  (child.o! [row] [col]  ==  1) 

I  state.codes[col]->str()-'>print(!)  ; 
!print!(!,"  ") ; 

} 

} 

!print!(!,"\n") ; 

} 


}; 


int  global.table: :set.leq(){ 

trans.retlex.closure (child.o!,  num.states,  leq)  ; 
return  0; 

}; 


void  global.table: :display.leq(FILE  ♦!){ 

!or  (int  row  =  0;  row  <  num.states;  row++) 
{  state.codes[row]->str()->print(!) ; 
!print!(!,"  <=  :  ")  ; 
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for  (int  col  =  0;  col  <  num^states;  col++) 

{  if  (leqErow]  [col]  ==  1) 

{  state_codes  [col]  *->str ()  •**>print  (f  )  ; 
fprintfCf,"  "); 

} 

} 

fprintfCf  ,'‘\n"); 

} 

}; 

int  global_table: :code_of_state(Str  *s){ 
int  i  =  0; 

while  (  i  <  num_states  !  (state_codes[i]->str()->equals(s))  ){ 
i++; 

} 

if  (i  <  num^states) 

{  return  i;  } 
else 

{  return  -1;  } 


}; 


int  global_table: : set _trans it ion^code (transit ion_value+val){ 
transition_codes[val->code()]  =  val; 
return  0; 


}; 


//  Th  ”::sup'’  seems  to  tell  the  compiler  that  the  sup  intended  is 
//  not  this  one,  so  it  manages  to  find  the  one  defined  in 
//  combinatorics.h.  If  this  function  gets  called  a  lot  it  might 
//  make  sense  to  store  all  its  values  in  a  table  (note  that, 

//  since  it’s  symmetric,  we  only  need  to  compute  half  the  table). 

int  global_table: :  sup  (int  code  1 ,  int  code2)-C 
return  : :sup(leq,  num_states,  codel,  code2) ; 

}; 


int  global_table: :  leaves  (int  code  „from,  int  code_to){ 

int  s  =  ::sup(leq,  num_states,  code_from,  code_to) ; 

if  (s  ==  code_from) 

{  return  code^from;  } 

int  i  =  0; 
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while  (  \  (leqCcode.from]  [i]  &&  child_of  [i]  [s]  )  ) 
i++; 


return  i; 


>; 


void  global_table: :display_transition_codes(FILE*f ){ 
for  (int  i  =  0;  i  <  nujB„  transit  ions;  i++) 

{ 

transition_codes[i]~>print(f ) ; 
fprintf  (f  ,‘’\n'’) ; 

} 

}; 


int  global^table: :  parallel  (int  code  1 ,  int  code2){ 
return  (  (!  leq[codel] [code23)  && 

(!  leq[code2] [codel])  ftft 

(state^at (sup (code 1 ,code2))->kind()  ==  AndState) 

); 

}; 


int  global_table : :set_compatible(){ 
int  i,  j; 

for  (i  =  0;  i  <  num^transitions;  i++) 
for  (j  =  0;  j  <  i;  j++) 

compatibleCi]  [j3  -  compatible  [j]  [i]  = 
(parallel (transit ion_codes [i] “>source () , 
transit ion_codes[j]“>source())  && 
parallel (transition^codes [i] ->destination()  , 
transition^codes [ j] ~>dest inationO ) ) ; 

}; 


void  global_table : ; display ^compatible (FILE *f) { 
for  (int  i  =  0;  i  <  num.transitions ;  i++) 

{ 

fprintf(f, “Transition  "); 
transit  ion.codes  [i]  ->name  ()  -‘>print  (f  )  ; 
fprintf(f,“  compat  with:  “) ; 
for  (int  j  =  0;  j  <  num^transitions;  j++) 
if  (compatible [i] [j] ) 

{  transition_codesCj]->name()->print(f) ; 
fprintf(f,  “  '»);  } 
fprintf (f ,“\n") ; 

} 

fprintf (f ,“\n") ; 

}; 
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void  global^table:  :do_to_compatible(void  (♦entry_op)  (int ,  int,  int,  FILE*), 
FILE  *f){ 

for  (int  i  =  0;  i  <  num^transitions ;  i++) 
for  (int  j  =  0;  j  <  num^transitions ;  j++) 
entry_op(i,j ,compatible[i] [j] ,f) ; 

}; 


12.22  load.h 

/4c:tc^4c*^4c*********4c**********************4c*******](e***************** 

* 

*  Hacked  from  simmMain.H 

* 

3|c4c4C*«************************************************************/ 

#ifndef  _load_h 
#define  _load_h 

int  load (char  *f ilename) ; 

#endif 


12.23  load.cc 


/4c4c«4c****3|c4c************************************************************** 

*  Hacked  from  simmain.C  - 

* 

*  Purpose :  parsing 

4c4c*4c**4c^«4c4:****:(c4:*3tc#4c3|e*a|c3|c*4E9fe**3|(a|e*#*:4c4c4c:fe4e********^******]|c](c4c*4c************/ 


# include 
# include 
#include 
#include 
#include 
# include 
#include 
#include 
#include 


<stdio.h> 

<string.h> 

<stdlib.h> 

<iostream.h> 

"conf igurat ion . h" 
•’load.h" 

"table. h" 
"rsml_state . h" 
"str.h" 
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tinclude  ’’global .table  .h" 

extern  int  yylexO  ; 
extern  int  yyparseO; 

extern  global.table  glob; 

extern  int  yyerrorCchar  *) ; 
extern  FILE*  yyin; 
extern  int  parser.passNum; 
extern  void  display.tableO  ; 

extern  rsml.state  rsml;  //  Statistics  about  the  definition, 

//  gathered  during  parsing. 

table  najne.table;  //  Stands  in  for  symbol  table 


// - 

//  load  is  a  hacked  version  of  rsml. load  — 

// - 

int 

load (char*  filename) 

yyin  =  fopen (filename,  "r”) ; 
if  (!yyin)  { 

printf ("Couldn’t  open  f ile\n") ; 
return  1; 

} 

parser  .passNum  =  0 ; 
while  (yylexO); 
f close (yyin) ; 

glob , allocate.states (rsml . state.count () ) ; 

glob. allocate.trans it ions (rsml .transit ion.count () )  ; 

glob . set .event .count (rsml , event.count () ) ; 

yyin  =  fopen  (filename ,  "r"); 
parser  .passNum  =  1 ; 

yyparseO;  //  This  is  what’s  calling  Ox. 
return  0; 

} 
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12.24 


main.cc 


extern  char  *handleCLopts(int  argc,  char  **argv)  ; 
extern  int  load(char  ilename) ; 

#include  "state_value .h” 

main (int  argc,  char  ♦♦argv) 

{  int  status; 

char  ♦the^f ilename; 

the^filename  =  handleCLopts(argc ,argv) ; 
status  =  load(the_f ilename) ; 
exit (status) ; 

} 


12.25  misc_utilities.cc 


#include  <stdlib.h> 

#include  <stdio.h> 

#include  "misc_utilities .h" 

char  *de  cor  ate  (char  ^s,  int  n){ 

char  ♦decorated^s ; 
int  mag,  ten_to_mag; 

for  (mag  =  1,  ten^to^mag  =  10;  ten_to_mag  <=  n; 
ten_to_mag  =  ten_to_mag*10,  mag++){;} 

decorated.s  =  (char  *)malloc(strlen(s)+mag+l) ; 
sprintf (decorated_s,  "•/.s7.d",  s,  n); 
return  decorated^s; 


}; 


int  yyerror(char  *s){ 
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fprintf (stderr,  "Oops!:  %s\n",  s) ; 
return  0; 

}; 


12.26  misc.utilities.h 

#ifndef  _ misc_utilities_h_ 

#define  _ misc.utilities_h_  1 

//  If  s  is  the  string  "foo"  and  n  is,  say,  17,  this  returns  the  string 
//  "fool7" 

char  *d€corate(char  *s,  int  n) ; 

//  Currentlt,  this  does  nothing  but  post  "Oops!"  to  standard  error 
//  and  return  0 

int  yyerror(char  ♦) ; 

#endif 


12.27  pvs_state.h 

#ifndef  _ pvs_state_h_ 

#define  _ pvs„state_h_ 

class  pvs_state  { 

public: 

pvs^stateO  {  call^number  =0;  }; 

//  Successive  calls  of  suffix  return  " _ 1",  " _ 2",  " _ 3",  etc. 

char  *suff ix() ; 
private : 
int  call.number; 

}; 
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#endif 


12.28  pvs_state.cc 

#include  "pvs_state .h” 

#include  "inisc_utilities.h" 
char  ♦pvs^state: :suff ix(){ 

return  decorate  (" _ *'  ,++call_number)  ; 

}; 


12.29  pvs_types.h 

tifndef  _ pvs_types_h_ 

#define  _ pvs_types_h_ 

#include  <stdio.h> 

#include  "str.h" 

//  Probably,  this  ought  to  follow  the  model  of  S.exp  and  have  an 
//  abstract  base  class  with  children  that  represent  the  different 
//  kinds  of  type  constructors. 

class  PVS_type_exp  { 

public: 

PVS_type_exp(Str  *name)  ; 
void  print (FILE  *f ) ; 
private: 

Str  *type_name; 


}; 


#define  PVS_bool  new  PVS_type_exp(new  Str  ("bool”)  ) 
tendif 
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12.30 


pvs_types.cc 


#include  *'pvs_types.h'‘ 

PVS^type^exp:  :PVS.type_€xp(Str  *name){ 
type^name  =  name; 

>: 


void  PVS_type_exp: : print (FILE  ♦!){ 
type_naiiie->print(f ) ; 

}; 


12.31  rsml_state.h 


#ifndef  _ rsml_state_h_ 

#define  _ rsml_state_h_  1 

#include  “simple^list .h" 

class  rsml^state  { 

public : 

rsml_state()  {  total_states  =  total^events  =  total^transitions  = 
current_state  =  current^event  = 
current  .transit  ion  =  0;  }; 

int  bump.state.count ()  {  total.states++;  }; 
int  state.countO  {  return  total.states;  }; 
int  get.state.codeO  {  return  current_state++;  }; 

int  bump.event.count  ()  {  total_events++;  }; 
int  event  .count  ()  {  return  total.events ;  }; 
int  get.event.codeO  {  return  current.event++; 

int  bump.transition.count  ()  {  t  ot  al. transit  ions ++;  }; 
int  transition.countO  {  return  t  ot  al.tr  ans  it  ions;  }; 
int  get.transition.codeC)  {  return  current . tr ans  it  ion++;  1; 

//We  could  have  the  ’’get"  functions  raise  an  error  if  things 
//  get  screwed  up  and  current  is  ever  >  total. 

//We  need  to  be  able  to  set  and  read  the  top-’level  state. 

//  The  "set"  function  should  be  private,  and  available  only  to 
//  one  friend  that’s  called  during  parsing. 
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void  print (FILE  *f ) ; 


private: 

int  total_states ; 
int  total_events; 
int  total_transitions ; 
int  current  _  St  at  e ; 
int  current _ event ; 
int  current _trans it ion; 

}; 

tend if 


12.32  rsml_state.cc 


#include  <stdio.h> 

#include  "rsml_state.h" 

void  rsml_state:  :  print  (FILE  *f){ 

fprintf(f,  "states  =  ^d\n'‘ ,total_states)  ; 
f printf  (f ,  "events  =  y,d\n"  ,total_e vents)  ; 
f print! (f , "transitions  =  yd\n" ,total_transitions) 

}; 


12.33  scaled-integer.h 

#ifndef _ scaled.,  int  eger_h_ 

#define  _ scaled^ integer _h_  1 

#include  <stdlib.h> 

#include  "str.h" 
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//I  don’t  know  what  parts  of  these  things  I’ll  ultimately 
1 1  want.  More  information  is  available  in  local  variables  of  the 
//  constructor,  and  that  could  be  made  public,  too. 

//  NOTE:  If  the  integer  part  and  exponent  part  are  too 
//  big  this  will  produce  nonsense. 

enum  Sign  {  neg,  zero,  pos  }; 

class  scaled_integer  { 

public: 

//  This  will  assume  that  lit  matches  the  YACC-style  regular 
//  expression 
// 

//  ( [0-9] [0-9^] * ( [ . ] [0-9 J  +) ? ( [Ee] [-+] ? [0-9  ] +) ?) 

// 

//  RSML  also  permits  hex  expressions  but  I’ll  skip  them  for  now. 
scaled,. integer(Str  *lit) ; 

//  For  now  I’ll  assume  that  theories  will  want  to  represent 
//  reals  as  (integer , exponent)  pairs. 

int  integer_part ()  {  return  int_val;  }; 
int  signed_exp()  {  return  signed_exp_val;  }; 
int  absolute^expO  { 

return  (signed_exp_val  >=  0  ?  signed.,exp  val  :  -signed_exp_val)  ; 

>; 

Sign  sign_of_exp()  { 

return  (signed„exp_val  <  0  ? 
neg  : 

(signed_exp_val  ==  0  ? 
zero: 
pos)) ; 

}; 


//  Returns  pointer  to  equivalent  (new)  sc aled_ integer  with  the  largest 
//  possible  exponent. 

scaled. integer  ★normalizedO  ; 

//  Returns  pointer  to  (new)  equivalent  scaled. integer  with  exponent. 
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//  "as  close  as  possible"  to  signed_exp_val.  For  example 
//  rescale (real (10,  2),  -2)  becomes  real(10_0000,  -2) 

//  rescale  (real  (10,  2),  3)  becomes  real(l,  3) 

//  rescale  (real  (10,  2),  4)  becomes  real  (1,  3),  also  — 

//  as  there ^s  no  way  to  push  the  exponent  above  3. 

scaled_integer  *rescale(int  new_exp)  ; 


private: 

int  int_val; 

int  signed^exp^val; 

scaled,  integer  (int  i,  int  e)  {  int.val  =  i; 
signed.exp.val  =  e;  }; 

//  Has  a  side-effect  on  "this" ,  changing  it  to  an 
//  equivalent  form  with  greatest  possible  exponent. 

void  normO  ; 


}; 


#endif 


12.34  scaledJnteger.ee 

#include  "scaled.integer .h" 

scaled. integer : :  scaled.integer  (Str  *lit)  { 

int  length  =  lit->len() ; 
int  s.loc  =  0; 
int  b_loc  =  0; 
int  a.loc  =  0; 
int  €_loc  =  0; 

Sign  exp.sign  =  pos; 

//  The  next  strings  will  hold,  respectively,  the  string 
//  before  the  decimal  point,  the  string  after  the  decimal 
//  point,  and  the  exponent  string.  To  each  we  allocate  the 
//  meocimtim  possible  space  (slightly  wasteful). 
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char  *before_dp,  ♦after .dp,  ♦e; 


before.dp  =  (char  ♦) (malloc(length)+l) ; 
after.dp  =  (char  *) (malloc (length) +1) ; 
e  =  (char  *) (malloc (length) +1) ; 

//  Discarding  initial  zeroes 

while  (s.loc  <  length  lit->str [s_loc]  ==  ’OO 

{  S.I0C++;  } 

//  Filling  up  before.dp: 

while  (  s.loc  <  length  lit->str[s.loc]  !=  ft& 
lit->strCs_loc]  !=  'e’  &&  lit->strCs_loc]  !=  ’.O 

//  Loop  invar:  s.loc  <=  length 

//  and  before.dpCO, .b.loc~l]  =  lit->str[0. .s.loc-1]  with 

//  removed 

//  and  lit->str[0.  .s_loc-l]  has  no  ’e\  or 

// 

//  Note:  It  follows  automatically  that  b.loc  <=  s_loc 

{ 

if  (  lit“>str [s.loc]  !=  ) 

bef ore_dp[b.loc]  =  lit->str [s.loc] ; 
b.loc++ ; 

} 

S.I0C++; 

} 

//  Since  b.loc  <=  s.loc  <=  length,  the  following  assignment  is  OK 
bef  ore.dpLb.loc]  =  ’\0*; 

//  If  s.loc  <  length,  lit->str [s.loc]  is  'E' ,  or 

//  Filling  up  after .dp: 

if  (lit~>str [s.loc]  ==  ’.O 

S.I0C++; 

while  (  s.loc  <  length  &&  lit->str[s_loc]  !=  ’E’  && 
lit->str[s_loc]  !=  ’e’  ) 

{ 

if  (  lit->str [s_loc]  !=  ) 
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{ 

after_dp[a_loc3  =  lit->str [s_loc] ; 
a_loc++; 

} 

s_loc++; 

} 

} 

after_dp[a_loc]  =  ’\0’; 

//  If  s_loc  <  length,  lit->str [s_loc]  is  //  or  ’e’. 
s_loc++; 

//  Filling  up  e.  If  the  next  string  begins  with  a 
//  we  change  the  value  of  exp^sign  to  neg. 

while  (  s_loc  <  length  ) 

if  (  lit->str [s^loc]  ==  ) 

{  exp^sign  =  neg; 
s_loc++; 

} 

else 

{  if  (  lit->str [s_loc]  !=  ^  +  '  ftft  lit“>str [s_loc]  != 

e[e_loc3  =  lit“>str [s_loc3 ; 
e_loc++; 

} 

s_loc++; 

} 

} 

e[e_loc]  =  ^\0’; 

//  Tiny  normalization  for  the  special  case  in  which  after.dp 
//  is  0  (and  final  correction  of  exp_sign,  for  0  exponent). 

if  (  atoi(after_dp)  ==  0  ) 

{  int^val  “  atoiCbef ore_dp) ; 
signed_exp_val  = 

(exp^sign  ==  pos  ?  atoi(e)  :  -atoi(e)); 

if  (signed_exp_val  ==  0)  {  exp_sign  =  zero;  } 

} 
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//  Like  previous  case,  but  taking  after^dp  into  account 
else 

{  char  *dujii; 

dum  =  (char  ♦) (mallocClength+l) ) ; 
strcpy(dum,before_dp) ; 
strcpyCdum  +  b_loc ,after_dp) ; 
int_val  =  atoiCdum); 
signed_exp_val  = 

(exp^sign  ==  pos  ?  atoi(e)  :  -atoi(e))  -  strlenCafter_dp) ; 
if  (signed^exp^val  ==  0)  {  exp^sign  =  zero;  } 

} 


/* 


printf("Just  generated  the  scaled  integer: \n") ; 

printf  ("integer  =  y,d,  exponent  =  Xd\n" , int_val,signed_exp_val)  ; 


}; 


void  scaled^intsger: :norm(){ 
if  (  int_val  ==  0  ) 

{  signed,. exp_val  =  0;  retiim;  } 
if  (  int^val  7.  lo  ==  0  ) 

{  int^val  =  int_val/10; 

signed_exp_val  =  signed_exp_val+l ; 
normO;  } 

}; 


scaled^ integer  *scaled_ integer:  :nor3nalized(){ 

scaled^ integer  ♦si  =  new  scaled_integer(int_val ,  signed_exp..val)  ; 
si->norm() ; 
return  si; 


}; 


scsLled^ integer  ♦scaled. integer: : rescale (int  new.exp)! 
scaled. integer  ♦si; 
si  =  normalizedO ; 

int  diff  =  si->signed.exp()  -  new.exp; 
if  (diff  <=  0)  {  return  si;  } 
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//  Multiply  the  integer  part  of  si  by  10**diff 

for  (int  i  =  1;  i  <=  diff ;  i++) 

{  si->int_val  =  si->int_val  *  10;  } 

//  Reduce  the  exp  part  of  si  by  diff 

si~>signed_exp_val  =  si->signed_exp_val  -  diff; 

return  si; 

}; 


12.35  s_exp.cc 

#include  *’s_exp.h" 

APPLICATION  ♦***♦♦*♦/ 

void  Application: ;  print  (FILE  *f){ 
fprintfCf  ,'>(‘0; 
fcn->print  (f  )  ; 

if  (J  args->isEmpty () )  {fprintfCf,  ”  “)  ;  args->print (f ) ;} 
fprintfCf, 

}; 

//  eves^print  simply  changes  a  couple  of  the  "native  names"  for 
//  operations:  "/"  — >  "div",  and  inary  — >  "negate" 

void  Application: :  eves_pr int  (FILE  *f){ 

if  (  f  cn->equals(new  Str  ("/"))  ) 

i  (new  Application(new  Str("div")  ,args))->print(f)  ; 
return;  } 

if  (  fcn“>equals(new  Str ("-"))  &&  args“>length()  ==  1  ) 

i  (new  Applicat  ion (ne w  Str  ("negate" )  ,args))->pr int  (f)  ; 
return ;  } 

print (f) ; 

}; 

//  Auxiliaries  for  pvs_print  is  a  little  kludgy,  since  (AND  x  y) 


it  yields  (AND  x  y) ,  but  does  so  in  a  roundabout  way,  going  through 
//  (AND  X  (AND  y))  as  a  way-station. 

S_exp  *Application: ;unwind_binary(){ 

if  (  args->isEmpty()  ) 

{  return  this;  } 
if  (  args->tail()->isEmpty ()  ) 

{  return  args->head() ;  } 

S_exp  ♦unwound_tail  = 

Application(fcn,args->tail()) .unwind^binary () ; 

S_exp_list  *argt_pair  = 
new  S_exp_list(args->head() , 
new  S_exp„list (unwound^tail)) ; 

return  new  Application(f cn,  argt_pair) ; 

}; 


//  This  prints  multi-adic  ANDs  and  ORs  as  is,  and  writes 
//  "(Foo)"  as  as  "Foo",  not  as  ’'Foo()". 

void  Application:  :pre_pvs_print(FILE *f  ){ 
fcn->print (f ) ; 
if  (  !  args->isEmpty()  ) 

{  fprintf  (f ,’'(”)  ; 

args->pvs_print(f ,  •<,  ")  ; 
fprintf(f,  } 

}; 


//  This  should  do  the  trick. 

void  Application:  :pvs^print  (FILE  *f ){ 

if  (  strcmp(fcn->str,*’AND*’)  —  0  || 
strcmp(fcn->str, "OR")  ==  0  ) 

{  ((Application  ♦)  (this->unwind_binary()))->pre_pvs_print (f )  ;  } 
else 

{  this->pre_pvs_print (f ) ;  } 

}; 


int  Application: : equals (S_exp  *t)  { 
if  (this  ==  t)  return  TRUE; 
if  ( !t->isApplication())  return  FALSE; 
if  (!fcn->equals(( (Application ♦)t)->fcn))  return  FALSE; 
if  (!args->equals(((Application*)t)->args))  return  FALSE; 
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return  TRUE; 


}; 


variable  ♦♦♦*♦♦♦♦/ 

void  Variable :: print  (FILE  *f){ 
naine->print  (f  )  ; 

}; 


void  Variable: : eves_print (FILE  *f){ 
nan!e“>print  (f  )  ; 

}; 


void  Variable: :pvs_print (FILE  *f){ 
naine->print(f  )  ; 

}; 


int  Variable:  : equals (S_exp  *t){ 
if  (this  ==  t)  return  TRUE; 
if  ( !t->isVariable())  return  FALSE; 

if  (  !naiBe“>equals(( (Variable  ★)t)->name))  return  FALSE; 
return  TRUE; 

}; 


INTEGERLITERAL 

void  IntegerLiteral: :  print  (FILE  *f){ 
if  (  val  <  0  ) 

{  (new  Application(new  Str  ('*-*’)  , 

new  S_exp_list (new  IntegerLiteral(-val)))) 
->print(f);  } 

else 

{  fprintf (f val);  } 


}; 


void  IntegerLiteral: : eves_pr int  (FILE  ♦!){ 
if  (  val  <  0  ) 

{  (new  Application(new  StrC’negate”)  , 

new  S_exp_list(new  IntegerLiteral(~val)))) 
~>print (f ) ;  } 

else 

{  f printf  (f ,  ")id" ,  val)  ;  } 


}; 
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void  IntegerLiteral: :pvs_print (FILE  *fp){ 
fprintf  (fp,"*/.d”,  val) ; 

}; 


int  IntegerLiteral: : equals (S_exp  *t){ 
if  (this  ==  t)  return  TRUE; 
if  ( !t->isConst ant ())  return  FALSE; 

if  (!  ((Constant  *)t)->isIntegerLiteral())  return  FALSE; 
if  (val  !=  (((IntegerLiteral  *)t)~>val))  return  FALSE; 
return  TRUE; 

}; 


/♦♦******  REALLITERAL 

void  RealLiteral: :  print  (FILE  *fp){ 

S_eip  =  new  IntegerLiteral (si->signed_ exp ()) ; 
S_exp  *i  =  new  IntegerLiteral (si->integer_part  ())  ; 

(new  Application  (new  StrC’decimal**)  , 

Doubleton(i,  e)))->print(fp) ; 


}; 


void  RealLiteral : :  eves„print  (FILE  *f  p)  { 

S.exp  *e  =  new  IntegerLiteral (si->signed_ exp ()) ; 
S^exp  *i  =  new  IntegerLiteral (si~>integer_part ()) ; 

(new  Application  (new  Str(  "decimal'*)  , 

Doubletond,  e)))~>eves_print  (fp)  ; 


}; 


void  RealLiteral: : pvs_pr int (FILE  *fp) { 

S^exp  ♦e  =  new  IntegerLiteral (si->signed_exp ()) ; 
S^exp  *i  =  new  IntegerLiteral (si->integer_part  ())  ; 

(new  Application  (new  Str(  "decimal")  , 

Doubletond,  e)))->pvs_print(fp)  ; 


}; 
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int  RealLiteral : :  equals  (S_exp  *t)  { 


}; 


/4c***********  MISC  S_EXP  OPERATIONS  ♦♦♦************/ 

int  S_exp: : equals (S_exp  ♦t)  { 

fprintfCstderr, ’’erroneous  call  of  S_exp:  : equals\n")  ; 
print (stdout) ; 
return  FALSE; 

}; 


S.exp  ♦S^exp: :And(S_exp  *x){ 
return  new  ApplicationC 
new  StrC’AND”), 


}; 


new  S_exp_list  (this, new  S_exp_list(x) ) )  ; 


S_exp  *S_exp; : Implies (S_exp  *x){ 
return  new  ApplicationC 

new  Str( "IMPLIES"), 

new  S_exp_list (this, new  S_exp_list  (x) ) )  ; 

}; 


S_exp  *S_exp: : Equals (S_exp  *x)-C 
return  new  ApplicationC 
new  Str("="), 

new  S_exp_list (this, new  S_exp_list (x)) )  ; 

}; 


S_exp  *S_exp: :0r (S_exp  *x){ 
return  new  ApplicationC 
new  StrC'OR"), 


}; 


new  S_eip_list  (this  ,new  S„exp_list  (x)  )  )  ; 


S_exp  *S_exp: :Not(){ 
return  new  ApplicationC 

new  Str("N0T"), 

new  S_exp_list(this)) ; 

} 

Str  *S_exp: :PConnName(){ 

return  new  Str("$$error$$") ; 

}; 
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/******♦♦  S.EXP.LIST  *♦****♦♦/ 

void  S  exp  list :: print  (FTT.F.  *f)  { 
list  print (f,  "\n”) ; 

}; 


void  S_exp_list : :€ves_print(FILE  )  { 

if  (  this-->isEmpty()  ) 

{  return;  } 
else 

{  this->head()->eves_print (f ) ;  } 
if  (  !this->tail()->isEmpty()  ) 

{  fprintfCf/’  (this->tail())“>eves.print  (f )  ;  } 


}; 


void  S_exp_list :  :pvs_print(FILE  *f ,  char  *sep)  { 

if  (  this-‘>isEmpty ()  ) 

{  return;  } 
else 

{  this'>head()“>pvs_print (f ) ;  } 
if  (  ?  this->tail  ()~>isEnipty ()  ) 

{  fprintf (f ,sep);  (this->tail())->pvs^print (f ) ;  } 


}; 


void  S_exp_list : :pvs_print(FILE  *f )  { 
pvs_pr int (f ,  "  " ) ; 

>; 


S_exp  *S_exp_list : : 0r(){ 

return  new  Application  (new  StrC’OR")  .this)  ; 

>; 


S.exp  *S_exp_list: :And(){ 

return  new  Application  (new  StrC’AND'*)  .this)  ; 

}; 


S^exp^list  *S^exp_list: ;NegateAll(){ 

if  (list  ==  NULL) 

{  return  new  S_exp_list;  } 
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else 

{  if  (  list->tl  ==  NULL  ) 

{  return  new  S_eip_list(this->head()->Not()) ;  } 
else 

{  return  nen  S_exp_list(this->head()->Not() , 
this->tail()->  NegateAlK));} 

} 


>: 


12.36  s_exp.h 

#ifiidef _ s_erp_h_ 

#define  _ s_exp_h_  1 

#include  <stdio.h> 

#include  <stdlib.h> 

#include  <string.h> 

#include  '‘obj.h” 

#include  "list.h" 

#include  "str.h” 

#include  "scaled^integer .h" 

class  S_exp  { 
public: 

virtual  int  isConstant ()  {  return  FALSE;  }; 
virtual  int  isVariableO  {  return  FALSE;  }; 
virtual  int  isApplicationO  {  return  FALSE;  }; 
virtual  int  isRealLiteralO  {  return  FALSE;}; 

S_exp  *And(S_exp  *x) ; 

S_exp  ♦Implies (S_erp  *x) ; 

S_€xp  *0r(S_exp  *x) ; 

S_€xp  ♦Not  0 ; 

S_exp  ♦Equals (S_exp  ♦) ; 

virtual  int  equals (S_exp  ♦)  ; 

virtual  Str  ♦PConnNameO ; 

virtual  void  print  (FILE  ♦fp)  {  return;  }; 

virtual  void  eve s_pr int  (FILE  ♦fp)  {  return;  }; 

virtual  void  pvs_pr int  (FILE  ♦fp)  {  return;  }; 

//  Add  the  following  function: 

// 

//  virtual  Str  ♦like_C()  {  return;  } 
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// 

//  which  returns  a  "C-style  string”  —  operators 
//  like  and  are  returned  infix;  "AND"  becomes 
//  "ftft"  (multi-adic  ANDs  are  unwoimd,  0-ary  and  1-ary 
//  become  TRUE  and  no-op,  respexly) .  It’s  assumed  that 
//  the  input  S_exp  is  one  for  which  such  treatment 
//  makes  sense  —  only  binary  uses  of  binary  ops, 

//  only  unary  uses  of  unary  ops. 

}; 


class  S_exp_list  { 
private: 

List<S_exp>  *list; 

S_eip_list(List<S_exp>  *1)  {  list  =  1;  }; 
public: 

S_exp_list()  {  list  =  (List<S_eip>  *)0;  }; 
S«exp_list(S_exp*  v)  {  list  =  new  List<S_exp>(v)  ;  }; 

/*  Prepends  v  to  the  list  vl  */ 

S_exp_list (S_exp*  v,  S_exp_list^  vl) 

i  list  =  new  List<S_exp>(v,  vl->list);}; 

/*  List  operations  */ 


S_exp  ♦headO  {  return  list->hd  ;}; 

S_exp_list  *tail()  {  return  new  S_exp_list (list->tl) ;  }; 

int  lengthO  {  if  (list  ==  NULL)  {return  0;}  else  {return  list->len() ;}  }; 

int  equals (S.exp.list  *12)  {  list->equals(12->list)  ;  }; 

int  isEmptyO  {  return  list  ==  NULL 

/*  Returns  a  pointer  to  "this  ft  12".  The  lists  *this  and 
♦12  cire  the  same  as  before,  but  the  returned  list 
shares  things  with  them.  */ 

S_€xp_list  ♦Append (S_exp_l is t  *12)  { 

return  new  S_exp_list (list->Append(12->list)) ;}; 

/♦  Logical  operations  ♦/ 

S_exp  ♦0r() ; 

S_exp  ♦AndO  ; 
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S_exp_list  ★NegateAllO ; 


/*  Miscellaneous  ♦/ 

//  Produces  a  newline-separated  list  of  s-exp  forms  using  ’’native”  names 
void  print (FILE  ♦) ; 

//  Produces  a  space-separated  list  of  s-exp  forms  using  EVES  names 
void  eve s_print  (FILE  ♦fp)  ; 

//  Produces  a  list  of  PVS  forms  separated  by  *sep 

void  pvs_print  (FILE  *f ,  char  *sep)  ; 

//  Produces  a  space-separated  list  of  PVS  forms 
void  pvs_print  (FILE  *fp)  ; 

}; 


class  Constant  :  public  S_exp  { 
public : 

Constant (){}; 

int  isConstantO  {  return  TRUE;  }; 
virtual  int  isIntegerLiteralO  {return  FALSE;}; 
/*  We  don’t  need  a  separate  print  function  —  this 
will  dispatch  to  the  literal  class  */ 

}; 


class  IntegerLiteral  :  public  Constant  { 
private : 

int  val;  /*  changed  name  from  value  to  val  */ 
public: 

IntegerLiteral  (int  v)  {  val  =  v;}; 


/*  Accessor  */ 


int  value  0  {  return  val;  }; 

/*  Recognizer  */ 

int  isIntegerLiteralO  {return  TRUE;}; 

/♦  Overriding  virtual  functions  ♦/ 

void  print(FILE  *f); 
void  eves^print  (FILE  *f p)  ; 
void  pvs_print  (FILE  *fp)  ; 
int  equals (S^exp  *t)  ; 


}; 


/♦♦**j|c*3|t****3|c**********^:|c**^3,c******:|,***j(c*/ 

/*  A  lot  of  stuff  about  this  RealLiteral  class 
/♦is  provisional  —  in  particular,  representing 
/♦  them  internally  as  scaled  integers 


class  RealLiteral  :  public  Constant  { 
private : 

scaled_ integer  ♦si; 
public : 

RealLiteral (Str  ♦s)  {  si  =  new  scaled_integer(s)  ;  }; 
RealLiteral (scaled.integer ♦s)  {  si  =  s;  }; 

/♦  Recognizer  ♦/ 

int  isRealLiteralO  {return  TRUE;}; 

/♦  Overriding  virtual  functions  ♦/ 

void  print  (FILE  ♦! p)  ; 
void  eves_print (FILE  ♦fp)  ; 
void  pvs_print(FILE  ♦! p)  ; 
int  equals (S_exp  ♦t) ; 


}; 
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class  Variable  :  public  S_exp  { 

private : 
class  Str  *naine; 

public: 

Variable  (class  Str  *n)  {  name  =  n; 
/*  Accessor  */ 

Str  *VariableName()  {return  name;} 
/*  Recognizer  */ 

int  isVariableO  {  return  TRUE;  }; 

/*  Overriding  virtual  functions  */ 

Str  ♦PConnNameO  {return  name;  }; 
void  print  (FILE  *f)  ; 
void  eves_pr int  (FILE  *fp)  ; 
void  pvs_pr int  (FILE  ♦fp)  ; 
int  equals (S_exp  *t); 


}; 


class  Application  :  public  S_exp  { 

private : 

class  Str  *fcn; 

S_exp_list  ★args; 

//  If  *ap  is  (FOO  xl  x2  x3)  this  returns  ((FOO  xl  (FOO  x2  x3)). 

//  It’s  used  for  turning  multi-adic  ANDs  and  ORs  into  a  sequence  of 
//  binary  applications.  The  boimdary  cases:  (FOO  xl)  yields  xl; 

//  and,  right  now,  (FOO)  yields  (FOO)  —  but  that  doesn’t  really 
//  make  much  sense,  since  (AND)  is  true  and  (OR)  is  false.  The 
//  proper  use  of  this  is  therefore  to  test  initially  whether  the 
//  list  of  arguments  is  empty  (in  addition  to  testing  whether  the 
//  thing  is  truly  an  application) . 

S_exp  *unwind_binary() ; 

//  Auxiliary,  "dumb”  function  —  prints  ANDs  and  ORs  as  multi-adic 
//  operations. 


199 


void  pre^pvs Sprint  (FILE  ♦!)  ; 
public : 

ApplicationCclass  Str  *f,  S_exp_list  *a)  { 
fen  =  f ;  args  =  a;  }; 

ApplicationCclass  Str  *f)  { 

fen  =  f;  args  =  new  S_€xp_list () ;  }; 

/*  Accessors  ♦/ 

Str  *function()  {return  fen;}; 

S_exp_list  *<irguments()  {return  args;}; 

/*  Recognizer  */ 

int  isApplicationO  {  return  TRUE;  }; 

/*  Overriding  virtual  functions  */ 

Str  *PConnName()  {return  fen;}; 

void  print  (FILE  *f )  ; 
void  eve s_pr int  (FILE  p)  ; 
void  pvs_print  (FILE  *fp)  ; 
int  equals (S_exp  *t)  ; 


}; 


#define  EQ^SIGN  new  Str("=") 

#def ine  IMPLIES^SIGN  new  Str (» IMPLIES”) 

#define  false_S_ptr  new  Application  (new  Str  (“false”)) 
#define  true_S_ptr  new  Application  (new  Str  ("true”)) 

#define  DummyStr  new  Str ("Dummy ") 

#d€f ine  DummyExpression  new  Application (DummyStr) 

//  Usage:  x,  y,  z  are  pointers  to  S_exp 

#define  Singleton(x)  new  S_exp_list (x) 

#define  Doublet on (x,y)  \ 

new  S.exp.listCx,  new  S_exp_list(y)) 
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#define  Tripleton(i,y ,z)  \ 

new  S_exp_list (x.  Doublet on (y,z)) 

#endif 


12.37  s_exp_utilities.cc 


#include  "s_exp_utilities .h” 

#include  "eves2_state .h" 

extern  eves2_state  my_eves2_state; 

S_€Xp_list  *state_vals_to_s_exps (StateValueList  *svals)  { 

S_exp_list  *slist  =  new  S_exp_list; 

while  (svals  !=  NULL){ 

state^value  sname  =  svals->head() ; 
if  (sname  .kindO  !=  ConditionalState) 

{  slist  =  new  S_exp_list (Str_as_S_exp(sname.str() ,0) , slist) ;  } 
svals  =  svals~>tail() ; 

} 

return  slist; 


}; 


S_exp_list  *many_op_one(S_exp_list  *many,  Str  *op,  S^exp  *one){ 

if  (  many->isEmpty()  ) 

{  return  new  S_exp_list;  } 
else 

{  return  new  S_exp_list  (new  Application  (op, 
Doubleton(many->head()  ,  one)) , 
many_op_one(many->tail()  , op, one))  ; 

} 


}; 


S_exp_list  ♦one_op_many(S_exp  *one,  Str  *op,  S_exp_list  *many){ 
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if  (  many“>isEmpty()  ) 

{  return  new  S^exp.list;  } 
else 

{  return  new  S_exp_list  (new  Application  (op. 
Doublet on (one,  many->head()) ) , 
many „op_one(many->t ail ()  , op, one))  ; 

} 


}; 


S^exp  *Str^as_S_exp(Str  *3,  int  as.vbl){ 
if  (as_vbl){ 

return  new  Variable(s); 

> 

else  { 

return  new  Application (s) ; 

} 


}; 


S_exp_list  *ptwise_And(S_exp_list  *11,  S_exp_list  *12)  { 
if  (ll~>isEiiipty 0 ) 

{  return  new  S_exp_list;  } 
else 

{  return  new  S_€xp_list(ll->head()->And(12->head())  , 
ptwise_And(ll->tail() ,  12“>tail())) ;  } 

}; 

S^exp_list  *mutual_exclusion(S_exp_list  *siblings){ 

/*  The  guard  against  a  nullpointer  may  be  overkill  */ 

if  (  siblings  ==  MULL  I  1  siblings->isEmpty()  |  1 
siblings~>tail()->isEmpty()  )  ■[ 
return  new  S_exp_list; 

} 

else  { 

return  new  S_exp_list( 

siblings->head() ->Implies  (siblings->tail () “>NegateAll () ->And( )  )  , 
mutual_exclusion(siblings->tail () ) 

); 
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12.38 


s  _exp  _u  t  ilit  ies .  h 


tifndef  _ s_exp_utilities_h_ 

#defiiie _ s_exp_utilities_h_  1 

#include  "state^value.h" 

#include  "s.exp.h" 

//  Return  a  pointer  to  the  list  of  formulas  saying  the  [[siblings]] 

//  are  mutually  exclusive.  Note:  If  ♦siblings  is  a  list  of 
//  length  0  or  1,  this  returns  an  empty  list.  This  makes  sense  since 
//  the  "and"  of  an  empty  list  is  logically  true. 

//  The  particular  expression  of  this  property  may  not  be  the  best  for 
//  all  purposes:  For  example,  given  (Al,  A2,  A3),  it  returns 
//  (Al  ->  (not  A2  and  not  A3),  A2  ->  (not  A3)).  For  tablewise-like 
//  analysis  we  may  want  to  include  variant  versions  of  this  —  such  as 
//  pairwise  comparison. 

S_exp_list  ♦mutual_exclusion(S_exp_list  ♦siblings)  ; 

//  The  function  [[state_vals_to_s_exps]]  translates  a  list  of  [ [STATE_NAME] ]  s 
//  into  the  corresponding  list  of  s-expressions,  at  the  same  time 
//  filtering  out  all  the  conditional  state  names. 

S_exp_list  ♦state_vals_to_s„exps(StateValueList  ♦svals) ; 

//  Str_as_S_exp  assumes  that  s  points  to  an  identifier.  The 
//  parameter  "as^vbl"  is  used  to  determine  whether  the  resulting 
//  S-expression  will  be  a  variable  or  a  parenthesized  identifier. 

//  This  seems  to  be  good  enough  —  and  I  don’t  want  to  write  a  parser. 

S_exp  ♦Str_as„S_exp(Str  ♦s,  int  as_vbl)  ; 

//  If  many  points  to  (fmll,  fml2,  ...)  and  one  to  P,  then  this 
//  returns  a  pointer  to  (fmli“>P,  fml2->P,  ...).  If  anything 
//  in  question  is  empty,  it  returns  a  pointer 
//to  the  empty  S_exp_list. 

S_exp_list  ♦many_imply_one(S_exp  ♦one,  S_exp_list  ♦many); 

S_exp_.list  ♦many_op_one(S_exp_list  ♦many,  Str  ♦op,  S_exp  ♦one); 


S.exp_list  *one_op_maiiy(S_€xp  ♦one,  Str  ♦op,  S_eip_list  ♦many); 

//  Assumes  11  and  12  are  lists  of  the  same  length.  If  11  points  to 
//  (PI,  P2,  — )  and  12  to  (Ql,  Q2,  — )  this  returns  a  pointer  to 
//  (PlftQl,  P2&Q2,  This  will  dereference  a  nullpointer  if  11  is 

//  longer  than  12.  If  11  is  shorter  than  12  it  will  ignore  the  extra 
//  places  in  12. 

S_exp_list  ♦ptwise.And(S_exp_list  ♦!!,  S.exp.list  ^12); 

#endif 


12.39  simpleJist.h 


#ifndef  _ simple_list_h _ 

#define _ simple_list_h _ 1 

#include  <stdio.h> 

#include  "obj.h” 


template  <class  T> 
class  SimpleList  { 

private: 

T  hd; 

SimpleList <T>  ♦tl; 

/♦  void  print  ()  { 

SimpleList<int>  ♦iter  =  this; 
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printf ("list : ; 
while  (iter  !=  NULL){ 

printf("  y.d  ",  iter->head()) ; 
iter  =  iter->tail() ; 

} 

printf  ("\n")  ; 

}; 


public: 

/♦  construct  a  singleton  list  */ 

SimpleList (T  t)  :  hd(t)  { 
tl  =  NULL; 

>; 

/*  construct  t::l  ♦/ 

SimpleList (T  t,  SimpleList<T>  *1)  :  hd(t)  { 
tl  =  1; 

}; 

/*  accessors  */ 

T  head(){ 
return  hd; 

} 

SimpleList<T>  *tail(){ 
return  tl; 

} 

/+  utilities  ♦/ 

int  lenO  {if  (this==NULL)  return  0;  else  return  1  +  tl-“>len() ;}; 

/*  append  the  given  list  to  this  one  */ 

SimpleList  *Append( SimpleList  *12)  { 
if  (this==NULL)  {  retiirn  12;  } 

if  ((this->tl)==NULL)  {  return  new  SimpleList (this->hd, 12) ;} 
return  new  SimpleList (this“>hd,this->tl->Append(12)) ; 

}; 


void  do_it(  void  (♦op)(T)  ){ 
if  (  this  ==  NULL  ) 

{  return;  } 
op(hd)  ; 

tl“>do_it (op) ; 
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SimpleList<T>  *pointwise(  T  (*op)  (T)  ){ 
if  (  this  ==  NULL  ) 

{  return  NULL;  } 

return  new  SimpleList<T>(op(hd) ,  tl->pointwise(op)) ; 

}; 


}; 

#endif 


12.40  skeleton_utilities.h 

#ifndef  _ skeleton_utilities_h_ 

#define  _ skeleton_utilities_h_  1 

tinclude  <stdio.h> 

//  For  use  in  skeleton  files - insert  the  contents  of 

//  the  file  *filename  into  file  *f . 

void  grabCchar  *filenanie,  FILE  *f )  ; 

#endif 


12.41  skeleton_utilities.cc 


#include  "skeleton_utilities.h" 

void  grabCchar  *filename,  FILE  *f){ 

FILE  *text; 
char  c; 

text  =  f openCf ilename, "r") ; 
if  (!text) 

{  printf  (‘‘Couldn’t  open  file\n“); 
return;  } 


while  ((  c  =  getc(text))  !=  EOF)  { 


putc(c,f) ; 


} 

f close (text) ; 


}; 


12.42  s_list_table.h 


#ifndef  _ s_list_table_h _ 

#define  _ s_list_table_h _  1 

/♦  Hacked  up  quickie.  (See  also  name_table.h)  ♦/ 

# include  "conf iguration.h" 

#include  "s^exp.h" 

#include  "list.h" 

#include  ” event _value . h” 

/*  The  only  good  thing  about  this  is  the  provision  of  a  ♦/ 

/*  "do-it-to-the-whole-table"  method.  ♦/ 

class  s_list_table  { 

public: 

//  Make  a  f ormula_table  with  the  given  keys,  Euid  all  associated 
//  formula  lists  initially  equal  to  *s.  If  the  length  of  *keys  is 
//  greater  than  MAX_SPEC_NAMES  only  the  first  MAX_SPEC_NAMES  will  be 
//  entered  as  keys. 

s_list_table(StrList  *keys,  S_exp_list  *s)  ; 
int  sizeO  {  return  top;  }; 

//  Return  a  pointer  to  the  S_exp_list  pointed  to  by  *key  (the  very  same 
//  pointer  that’s  in  the  table,  so  there’s  sharing  here  —  which 
//  does  not  at  the  moment  seem  like  a  problem) .  If  none ,  return 
//  NULL. 

S_exp_list  *f ind(Str  ♦key) ; 

//  Prepend  ♦fml  to  the  entry  for  ♦key,  if  there  is  such  an  entry,  and 
//  return  0.  If  there  is  no  entry  for  ♦key  return  1.  Has  a  side 
//  effect  on  ♦this. 
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int  prependCStr  *key,  S^exp  *fml) ; 

//  This  nms  through  the  entire  table  and  applies  the  operation  entry^op 
//to  each  (Str*,  S_erp_list*)  pair. 

void  do_it(void  (*entry_op)  (Str*,  S_exp_list*)) ; 

void  display  (FILE  *f); 

private: 

typedef  struct  entry  {  Str  *key;  S.exp^list  *list;  }  ENTRY; 

//We  canH  use  any  of  the  list  templates  we  have,  because  they  all 
//  require  that  the  element  type  have  a  ==  operator. 

ENTRY  stuff [MAX.SPEC^NAMES] ; 
int  top; 

>; 

#define  EmptySListTable  s_list_table(EmptyStrList ,  new  S_exp_list)  ; 
#endif 


12.43  s -list  _t  able,  cc 

#include  '‘s_list_table  .h" 

#include  <stdio.h> 

#include  <string.h> 

//  Silly,  since  we^re  running  through  the  keys  twice  —  once  to  count 
//  them  and  once  to  insert  them  into  the  table.  But  the  whole  thing 
//  is  so  klutzy,  who  cares? 

s_list_table: :  s_list_table(StrList  *keys,  S_exp_list  *s){ 
if  (keys  ==  NULL)  { 
top  =  0; 

} 

else  { 

top  =  (keys->len()  >  MAX.SPEC.NAMES)?  MAX.SPEC^NAMES  :  keys->len()  ; 

} 

for  (int  i  =  0;  i  <  top  ;  i++)  { 
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stuff [i] .key  =  keys->hd; 
keys  =  keys->tl; 
stuff [i] .list  =  s; 

} 

}; 


S_exp_list  *s_list_table: :find(Str  ★key){ 
if  (key  ==  NULL)  {return  NULL;} 
for  (int  i  =  0;  i  <  top  ;  i++)  { 

if  (  stuff  [i]. key  ==  NULL  )  {  printf  ("NULL  key  in  table\n")  ;  return  NULL;  } 
if  (  stuff [i] . key->equals (key)  ) 

{return  stuff [i] .list;} 

} 

return  NULL; 


int  s_list_table :: prepend (Str  ♦key ,  S_exp  ♦fml){ 
if  (key  ==  NULL)  {return  NULL;} 
for  (int  i  =  0;  i  <  top  ;  i++)  { 

if  (  stuff  [i]. key  ==  NULL  )  {  printf("NULL  key  in  table\n") ;  return  NULL;  } 
if  (  stuff [i] .key“>equals (key)  )  { 
if  (stuff  [i]  .list  ==  NULL) 

{  stuf f [i] . list  =  new  S_exp_list (fml) ;  } 
else 

{  stuff [i] .list  =  new  S_exp_list (fml,  stuff [i] . list) ;  } 
return  0;} 

} 

return  1; 

}; 


void  s_list_table: : display (FILE  ♦!){ 

printf ("♦♦♦♦**♦  s_list_tabl€  value  ♦♦♦♦♦♦*\n"); 
for  (int  i  =  0;  i  <  top;  i++)  { 

if  (stuff  [i]  .key  ==  NULL)  { 
printf  ("Printing  null  key.  Value  of  i  is  7,d\n",i); 
continue; 

} 

printf ("Key :  7s\n" ,  stuff [i] . key->str) ; 
printf  ("Formula  list:  "); 
if  (stuff  [i]  .list  ==  NULL) 

{  fprintf(f,  "<empty>") ;  } 
else 

{  stuff [i] .list->print(f) ;  } 
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prints ("\n\n") ; 


} 


}; 


void  s_list_table:  :do_it  (void  (♦entry _op)(Str*,  S_e3cp_list^)){ 
for  (int  i  =  0;  i  <  top;  i++)  { 

entry_op(stuff [i] .key,  stuff [i] .list) ; 

} 


}; 


12.44  s_list_table_utilities.h 


#ifndef  _ s_list_table_utilities_h _ 

#def ine  _ s_list_table_utilities_h _  1 

ftinclude  "str.h" 

#include  *'s_exp.h" 

#iiiclude  "s_list_table,h" 

//  This  returns  s^tab^ptr  after  having  a  side  effect  on  *s„tab_ptr. 
//If  *key  is  a  key  in  ♦s.tab^ptr,  then  *fnil_ptr  is  prepended 
//to  the  corresponding  formula  sequence.  Otherwise,  this 
//  is  a  no-op. 

s^list stable  *AddToSTable(Str  ♦key,  S_exp  ♦fml^ptr, 
s_list_table  *s_tab_ptr) ; 


#endif 


12.45  s_list_table_utilities.cc 


#include  ”s_list_table_utilities .h” 

s.list^table  ♦AddToSTable(Str  ♦key,  S_exp  ♦fml_ptr, 
s_list_table  *s_tab_ptr){ 

s_tab_ptr->prepend(key ,fml_ptr) ; 
return  s_tab_ptr; 


}; 
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12.46  spin_state.h 


#ifndef  _ spin_state„h_ 

#define  _ spin_state_h_ 

class  spin_state  { 

public: 

spin_state()  {  call^niimber  =0;  }; 

//  Successive  calls  of  suffix  return  " _ 1”,  " _ 2",  " _ 3",  etc. 

char  *suffix(); 
private : 

int  call_number; 

}; 

#endif 

12.47  state_value.h 

#ifndef  _ state_value_h_ 

#define  _ state_value_h_  1 

#include  <stdio.h> 

#include  "str.h” 

#include  “simple_list  .h'‘ 

enum  state_kind  {AtomicState,  AndState,  OrState, 

AndArrayState ,  OrArrayState,  ConditionalState}; 

class  St at e_ value  { 
public: 

state_value(Str  *s,  state_kind  k,  int  c)  {st  =  s;  knd  =  k;  cd  =  c;  } 
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Str  *str()  {return  st;}; 
state^kind  kindO  {return  knd;}; 
int  codeO  {return  cd;}; 

void  print  (FILE  *f )  ; 

private: 

Str  *st; 
state_kind  knd; 
int  cd; 

}; 


typedef  SiDipleList<state_value>  StateValueList ; 
#define  EmptyStateValueList  (StateValueList  *)0 
// 


#endif 


12.48  state_value.cc 


#include  *’state_value.h'’ 

void  s t at e_ value ::  print  (FILE  ♦!){ 

f print!  (f ,  *’7,d\t  “ ,  cd)  ; 
st->print(f)  ; 
fprintf (f ,"\t”)  ; 
switch  (knd)  { 

case  AtomicState: 
fprintf (f , "Atomic") ; 
break; 

case  AndState: 
fprintf (f," And") ; 
breaik; 

case  Or St ate: 
fprintf (f," Or") ; 
break; 

case  AndArrayState: 
fprintf (f , "AndArray") ; 
break; 

case  OrArrayState: 
fprintf (f," Or") ; 


212 


break; 

case  ConditionalState: 
fprintf(f, '’Conditional") ; 
break; 

} 

}; 


12.49  state_value_utilities.h 

#ifndef  _ state_value_utilities_h_ 

#define  _ state_valu€_utilities_h_  1 

tinclude  "state^vaiue.h" 

StrList  ♦StateValListToStrList (StateValueList  *val_list) ; 
//  This  converts  only  the  unconditional  states. 

StrList  ♦UnCondStatesToStrList  (StateValueList  ♦val^list)  ; 
#endif 


12.50  state_value_utilities.cc 


#include  <stdio.h> 

#include  "state_value_utilities.h" 

StrList  *StateValListToStrList (StateValueList ♦val^list) { 
StrList  *s_list  =  EmptyStrList ; 

StateValueList  ♦iter  =  val_list; 
while  (iter  !=  NIJLL){ 

s_list  =  new  StrList  (iter->head()  ,str()  ,  s_list)  ; 
iter  =  iter'->tail()  ; 

} 

return  s_list; 

>; 
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StrList  *UnCondStatesToStrList(StateValueList  *val_list){ 
StrList  *s_list  =  EmptyStrList ; 

StateValueList  *iter  =  val_list; 
while  (iter  !=  NULL){ 

if  (  iter->head() ,kind()  !=  ConditionalState  ) 

{  s_list  =  new  StrList  (iter~>head()  .str()  ,  s^list)  ;  } 
iter  =  iter~>tail() ; 

} 

return  s_list; 


}; 


12.51  str.h 


#ifndef _ str_h _ 

#define _ str_h _ 1 

#include  <stdio.h> 

#include  <stdlib.h> 

#include  "obj.h" 

#include  "list.h" 
class  Str  :  public  Obj  { 

public : 

Str (char  *s)  { 

str  =  (char  *)inalloc(strlen(s)+l)  ; 
strcpy(str,  s) ; 

}; 


char  *str; 

int  lenO  {  return  strlen(str);  }; 

void  print  (FILE  *f)  {  fprintf  (f , '‘%s*’ ,str)  ;  }; 

int  equals(Str  *x)  {return  ! strcmp(str,x->str) ; 
int  isInfixO; 
int  isPostfixO; 
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Str  ♦append (Str  ♦x) 

{char  *dnm; 

dum  =  (char  *)  (malloc  (lenO  +  x->len()  +  1)); 

strcpy(dujn,str) ; 

strcpy  (dum+lenO  ,x->str)  ; 

return  new  StrCdum); 

}; 


Str  *append(char  *x) 

{char  ♦dum; 

dum  =  (char  ♦) (malloc  (len()  +  strlen(x)  +  1)); 
strcpy(dum,str) ; 
strcpy  (dum+lenO  ,x) ; 
return  new  Str (dum); 

}; 


Str  *prepend(char  *x) 

{char  ♦dum; 

dum  =  (char  ♦)  (malloc  (len()  +  strlen(x)  +  1)); 

strcpy (dum, x) ; 

strcpy  (dum+strlen(x)  ,str)  ; 

return  new  Str  (dum)  ; 

}; 


>; 


typedef  List<Str>  StrList; 

#define  EmptyStrList  (StrList  ♦)0 
#endif 


12.52  str.cc 


#include  "str.h" 
/♦A  dummy  ♦/ 


215 


12.53  strlist.utilities.h 


#ifndef  _ strlist_utilities„h_ 

#def ine  strlist_utilities_h_  1 


#include  ”str,h" 

//  If  slist  is  (A,B,C)  and  strop(A)  =  A\  etc,, 

//  then  pointffise (slist, strop)  is  (A\  C’). 

//  assuming  that  strop  is  "functional"  in  the 
//  sense  of  not  changing  the  abstract  value  of  what 
//  any  existing  pointer  points  to. 

StrList  *pointwise(StrList  *slist,  Str*  (*strop)  (Str*))  ; 


#endif 


12.54  strlist_utilities.cc 


#include  "strlist .utilities. h" 

StrList  *pointwise (StrList  *slist,  Str*  (*strop) (Str*) ){ 

if  (  slist  =-  NULL  ) 

{  return  NULL;  } 

return  new  StrList (strop (slist ->hd) , 
pointwise (slist->tl , strop) ) ; 


}; 


12.55  table.h 


#ifndef  _ table.h _ 

#define  _ table.h _  1 


/*  BRAIN  DEAD,  Hacked  up  quickie.  */ 
#include  "conf iguration.h" 
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#define  TABLE.DATA  int 
class  table  { 
public : 

table 0  {  top  =0;  }; 

void  insert (char  ♦key,  TABLE_DATA  ♦data); 

TABLE^DATA  ♦findCchar  ♦key); 
void  display 0; 

private: 

t3rpedef  struct  entry  {  char  ♦key;  TABLE_DATA  ♦data;  }  ENTRY; 

//  We  can't  use  any  of  the  list  templates  we  have,  because  they  all 
//  require  that  the  element  t3rpe  have  a  ==  operator. 

ENTRY  stuff  CMAX^SPEC_NAMES] ; 
int  top; 


}; 


#endif 


12.56  table.cc 


#include  <string.h> 
#include  <stdio.h> 
#include  "table.h” 


TABLE_DATA  ♦table:  : findCchar  ♦key)! 
for  (int  i  =  0;  i  <  top  ;  i++)  { 
if  (strcmpCstuff  [i]  .key ,  key)  ==  0) 
{return  stuff [i] .data;} 

} 

return  NULL; 

}; 


void  table:  :  insert  (char  ♦key,  TABLE_DATA  ♦data)! 
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if  (this->find(key)  !=  NULL) 
{  return;  } 
else  { 

if  (  top  ==  1000  ) 

{  printf ("Table  full"); 
return; 

} 

else 

{  stuff  [top]  .data  =  data; 
stuff  [top]  .key  =  key; 
top++ ; 

} 

} 

}; 


void  table: : display (){ 
printf  ("♦************i‘**\n") ; 
priiitf(  "Table  =  \n"); 
for  (int  i  =  0;  i  <  top;  i++)  { 

printfC'Key:  7.s,  Data:  7.d\n",  stuff  [i]  .key,  ♦(stuff  [i]  .data))  ; 

} 

printf ("♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦\n") ; 


12.57  tagged-table.h 


#ifndef  _ tagged_table_h _ 

#define  _ tagged_table_h _  1 

#include  "conf iguration.h" 

#include  "s_exp.h" 

#include  "simple_list .h" 

//  This  stuff  should  actually  be  generic  in  the  type  of 
//  the  tags  —  but  the  complexity  of  doing  that  (at  least,  the  way  I 
//  tried  to  do  it)  caused  an  internal  compiler  bug  in  gcc.  Instead, 
//  1^11  just  make  all  the  tags  into  Str’s.  The  idea  is  that  keys  in 
//  the  table  will  be  Str^s,  and  entries  in  the  table  will  be  lists  of 
//  s-exp/tag  pairs. 

typedef  struct  tagged^fml  {  S_exp  ♦fml;  Str  *tag;  }  tagged.fml  ; 
class  tagged_s_list  { 
public : 
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//  Empty  tagged  list 

tagged_s_list(){  list  =  (SiDipleList<tagged_fml>  ♦)0;  }; 

//  Singleton  tagged  list 

tagged_s_list  (S_exp  *f ,  Str*  t)  { 
tagged_f ml  tf ; 
tf  .fml  =  f; 
tf  .tag  =  t ; 

list  =  new  SimpleList<tagged_fml>(tf ) ; 

}; 


tagged_s_list (tagged_fml  tf  )  { 

list  =  new  SimpleList<tagged_fml>(tf ) ; 

}; 


//  Prepend  (f,t)  to  tg_list 

tagged_s_list (S_exp  *f ,  Str*  t,  tagged^s^list  ♦tg.list) 

{  tagged_fml  tf; 
tf.fml  =  f ; 
tf .tag  =  t; 

list  =  new  SimpleList<tagged_fml>(tf ,  tg_list->list)  ; 

}; 


tagged_s.list(tagged_fml  tf ,  tagged_s_list  *tg_list){ 
list  =  new  SimpleList<tagged_fml>(tf ,  tg_list“>list) ; 

}; 


//  Accessors 

S_exp  *head.fml()  {  return  list->head() .fml;  }; 

Str  ♦head_tag()  {  return  list->head() .tag; 

tagged_s_list  ♦tailO  {  return  new  tagged_s_list (list->tail()) ;  }; 
int  isEmptyO  {  return  list  “=  NULL 

S_exp_list  *s_list() 

{  if  (  list  ==  NULL  ) 

{  return  new  S_exp_list;  } 
else 

{  return  new  S_exp_list(list->head() .fml, 
tagged_s_list (list“>tail () ) . s_list () ) ;  } 

}; 


void  print  (FILE  *f)  ; 
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void  do_it(  void  (*op) (S^exp*,  Str*)  ); 
void  do_it(  void  (*op) (tagged_f ml)  ); 

private: 

Simple  Lis  t<tagged_f  ml  >  *list; 

//  This  hidden  function  is  used  to  coerce  SimpleList<tagged_fml> 
//to  tagged^s^list. 

tagged_s^list(SimpleList<tagged_fml>*l)  {  list  =  1;  }; 


}; 


//  The  table  uses  Str’s  as  keys  to  tagged_s_lists’s 
class  tagged. table  { 
public : 

//  Make  a  f ormula.table  with  the  given  keys,  aind  empty  entries. 
tagged.tableCStrList  ♦keys); 
int  sizeO  {  return  top;  }; 

//  Return  a  pointer  to  the  tagged.list  indexed  by  ♦key  (the  very  same 
//  pointer  that's  in  the  table,  so  there's  sharing  here  —  which 
//  does  not  at  the  moment  seem  like  a  problem) .  If  none ,  return 
//  MULL. 

tagged.s.list  ♦f ind(Str  ♦key) ; 

//  Prepend  (♦f ml, tag)  to  the  entry  for  ♦key,  if  there  is  such  an  entry,  and 
//  return  0.  Has  a  side  effect  on  *this.  If  there  is  no  entry  for 
//  ♦key,  or  if  the  key  is  null,  or  if  find  null  key  in  table,  prints  a 
//  warning  messages  and  returns  1. 

int  prepend(Str  ♦key,  S.exp  ♦fml,  Str  ♦tag); 

/ /  This  runs  through  the  entire  table  and  applies  the  operation  entry.op 
//to  each  (Str^,  tagged,  s.list^)  pair. 

void  do_it(void  (♦entry.op) (Str^,  tagged.s.list^)) ; 

void  print  (FILE  ♦! )  ; 


220 


private: 


tjrpedef  struct  entry  {  Str  *key;  tagged_s_list  *list;  }  ENTRY; 

//  stuff  will  actually  be  allocated  as  cui  cirray  of  entries 
//  having  size  top  (a  rep  invariant) 

ENTRY  *stuff; 
int  top; 


}; 


#endif 


12.58  tagged_table.cc 


# include  "tagged_ table . h” 

#include  <stdio.h> 

#include  <string.h> 

void  tagged_s_list : :do_it(  void  (*op) (S_exp*,  Str*) 

if  (  list  ==  NULL  ) 

{  return;  } 

op(list->head() .fml,  list->head() .tag) ; 
tbis’’>tail()->do_it  (op) ; 


}; 


void  tagged^s.list: ; do.it (  void  (*op) (tagged.fml)  ){ 
if  (  list  ==  NULL  ) 

{  return;  } 
op(list->head()) ; 
this->tail()->do_it(op) ; 


}; 


void  tagged.s.list : : print (FILE  *f){ 
if  (  list  ==  NULL  ) 

{  return;  }; 

fprintf(f,  "Tag;  ") ; 
list->head() .tag~>print (f ) ; 
fprintf(f,  Fml:  ") ; 
list~>head() .fml->print (f ) ; 
fprintf (f ,"\n") ; 
this->tail()->print(f ) ; 

}; 


■tagged. table:  :tagged.table(StrList  *keys){ 
top  =  keys->len(); 

stuff  =  (ENTRY  *)malloc(top  ♦  s ize of (ENTRY)) ; 

for  (int  i  =  0;  i  <  top  ;  i++)  { 
stuff [i] .key  =  keys->hd; 
keys  =  keys->tl; 

stuff Ci] . list  =  new  tagged  s.list; 

} 
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}; 


tagg€d_s„list  *tagged_table: :f ind(Str  ♦key){ 
if  (key  ==  NULL) 

{  printf  ("Searching  on  NULL  key.  Returning  empty  list.\n"); 
return  new  tagged_s_list ;  } 

for  (int  i  =  0;  i  <  top  ;  i++)  { 
if  (  stuff  [i]  .  key  ==  NULL  ) 

{  printfC'NULL  key  in  table.  Returning  empty  list.\n"); 
return  new  tagged_s_list ;  } 

if  (  stuff [i] . key->equals (key)  ) 

{return  stuff [i] .list ;} 

} 

//  In  this  case,  the  key  is  not  found, 
return  new  tagged_s_list ; 

}; 


int  tagged_table: : prepend (Str  ♦key,  S_exp  *fml,  Str  *t){ 
if  (key  ==  NULL) 

{  pr int f  ("Asked  to  update  NULL  key.\n'‘); 
return  1  ; } 

for  (int  i  =  0;  i  <  top  ;  i++)  { 

if  (  stuff  [i]  .key  —  NULL  ) 

{  printf  ("NULL  key  in  table. \n"); 
return  1 ;  } 

if  (  stuff [i] .key->equals (key)  )  { 
if  (stuff  [i]  .list  ==  NULL) 

{  stuff [i] .list  =  new  tagged_s_list(fml,  t)  ;  } 
else 

{  stuf f [i] . list  =  new  tagged_s_list (fml ,  t,  stuff [i] , list) ;  } 
return  0; 

> 

> 

printf("Key  not  found. \n"); 
retiirn  1; 

}; 


void  tagged^t able :: print  (FILE  *f)  { 

printf ("♦*♦*♦♦♦  tagged_table  value  *******\n") ; 
for  (int  i  =  0;  i  <  top;  i++)  { 
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if  (stuff  [i]  .key  ==  NULL)  { 
printf  ("Printing  null  key.  Vedue  of  i  is  •/.d\n",i); 
continue; 

} 

printf ("Key:  Xs\n",  stuff [i] .key->str) ; 
printf  ("Formula  list:  \n")  ; 
if  (stuff  [i]  .list  ==  NULL) 

{  fprintf(f,  "<empty>");  } 
else 

{  stuff [i] .list ~>print(t) ;  } 
printf  (’'\n\n'0 ; 

} 


void  tagged.table:  ;do,it(void  (*entry_op)  (Str*,  tagged_s_list*)){ 
for  (int  i  =  0;  i  <  top;  i++)  { 

entry^op (stuff  [i]  .key,  stuff  [i]  .list)  ; 

} 


}; 


//  void  tagged^table:  ;do_it  (  void  (♦opXStr*,  T)  ){ 
/ /  list“>do_it (promote (op) ) ; 

//  }; 


12.59  transition_value.h 

#ifndef _ transition_value_h_ 

#define  _ transition_value_h_  1 

//  This  is  a  first  approximation.  I  don’t  know  what  really  belongs 
//in  here.  The  only  special  twist  is  the  "leaves"  data. 

#include  " event. value. h" 

#include  "str.h" 

#include  "s.exp.h" 

//We  keep  the  names  of  the  actual  source  and  destination 
//  and  their  codes  (which  can  be  looked  up  in 
/ /  glob) .  We  should  probably  do  the  same  for  the  triggering 
//  event  and  the  list  of  actions,  but  defer  that  for  now. 

//  This  does  not  automatically  maintain  the  invariant  that 
//  Ivs  is  really  what  a  transition  src->dest  leaves.  That 
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//  yill  have  to  be  guaranteed  by  the  way  we  generate  these  things. 

//It  may  not  be  necessary  to  maintain  the  code 

//  for  the  transition  as  part  of  the  transition  value;  but,  by 

//  cUialogy  with  state  values  we’ll  do  so. 

class  transit ion^value  { 

public: 

transition_value(Str  *n,  Str  ♦t,  S_exp  *con, 
int  s,  Str  *s_n, 
int  d,  Str  *d_n, 
int  1,  Str  *l_n, 

StrList  ♦a,  int  c){ 
nm  =  n;  trig  =  t;  condit  =  con; 
src  =  s;  src_nm  «  s_n; 
dest  =  d;  dest_nm  =  d_n; 

Ivs  =  1;  lvs_nm  =  l_n; 
acts  =  a;  cd  =  c;}; 

Str  *name()  {  return  nm;  } 

Str  *trigger_name()  {  return  trig;  }; 
int  source ()  {  return  src;  }; 

Str  *source_name()  {  return  src_nm;  }; 
int  dest inat ion ()  {  return  dest;  }; 

Str  *destination_name()  {  return  dest_nm;  }; 
int  leaves ()  {  return  Ivs;  }; 

Str  *leaves_name()  {  return  lvs_nm;  >; 

S_exp  ♦condit ion ()  {  return  condit;  }; 

StrList  ♦actions ()  {  return  acts;  >; 
int  codeO  {  return  cd;  }; 

void  print  (FILE  ♦!)  ; 

private : 

Str  ♦nm; 

Str  ♦trig; 
int  src; 

Str  ♦src_nm; 
int  dest; 

Str  ♦dest_nm; 
int  Ivs; 

Str  ♦lvs_nm; 

S_€xp  ♦condit; 

StrList  ♦acts; 
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int  cd; 


}; 


#def  ine  DummyFormula  f  alse_S_ptr 


#endif 


12.60  transition_value.cc 


Sinclude  <stdio.h> 

#incltide  <stdlib.h> 
tinclude  "transit ion_ value  .h" 

VO  id  tr  ans  it  ion_  value : :  print  (FILE  )  { 
fprintf  (f ,  "Transition  code ;  Xd\n" , cd)  ; 
f printf  (f ,  "Transition  name :  7.s\n"  ,nm->str)  ; 
fprintf  (f, "Source  (code, name):  (7.d,7.s)\n" ,src,src^nm->str)  ; 
fprintf  (f, "Destination  (code, name)  :  (7.d,7.s)\n"  ,dest  ,dest^nm->str)  ; 
fprintf  (f, "Leaving  (code, name):  (7.d.7.s)\n" ,lvs ,lvs_nm“>str)  ; 
fprintf (f, "Trigger:  ")  ; 
trig->print (f); 
fprintf (f,"\n") ; 

fprintf  (f,"***Kot  printing  condition***\n")  ; 
fprintf  (f ,  "***Acts  currently  dummied  out***\n\n")  ; 


>; 


12.61  combinatorics.h 

#ifndef  _ combinatorics_h_ 

#define  _ combinatorics_h_  1 

//  Warshall’s  algorithm. 

void  trans,closure(int  **relation,  int  dimension,  int  ♦♦closure); 

//  Obvious  variant  of  Warshall’s  algorithm. 

void  trans_ref  lex_closure (int  ♦♦relation,  int  dimension,  int  ♦♦closure)  ; 
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//  Assume: 

//  relation  is  a  square  array  of  size  dimension 
//  relation  codes  a  partial  order  in  which  sups  exist 
//  X,  y  <  dimension. 

//Return  the  sup  of  x  and  y. 

int  supCint  **relation,  int  dimension,  int  x,  int  y)  ; 
#endif 


12.62  combinatorics.ee 


#include  <stdio.h> 

#include  *'combinatorics.h" 

void  trans„closure(int  **relation,  int  dimension,  int  ♦★closure) { 
int  i,  j,  k; 

for  (i  =  0;  i  <  dimension;  i++) 
for  (j  =0;  j  <  dimension;  j++) 
closure [i] [j]  =  relation [i] [j] ; 

for  (k  =  0;  k  <  dimension;  k++) 
for  (i  =  0;  i  <  dimension;  i++) 
for  (j  =  0;  j  <  dimension;  j++) 
if  (closure [i]  [j]  ==  0) 

{  closure [i]  [j]  =  closured]  [k]  &&  closure [k]  [j]  ;  } 


}; 


void  trans_reflex_closure( int  ★★relation,  int  dimension,  int  ★★closure){ 
int  i,  j,  k; 

for(i=0;  i<  dimension;  i++) 
for  (j  “0;  j  <  dimension;  j++) 

closure[i]  [j]  =  (i==j?  1  :  relation[i]  [j]) ; 

for  (k  =  0;  k  <  dimension;  k++) 
for  (i  =  0;  i  <  dimension;  i++) 
for  (j  =  0;  j  <  dimension;  j++) 
if  (closure Ci]  [j]  ==  0) 

{  closure d][j]  =  (closured]  [k]  &&  closure [k]  [j] )  ;  } 
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int  supCint  **relatioii,  int  dimension,  int  x,  int 


int  i  =  0; 
int  lub_so_far; 

//  Because  of  assumption  that  sups  exist,  this  will 
If  terminate  before  running  off  the  end. 

while  (  relation[x]  [i]  !=  1  I  |  relationCy]  [i]  *=  1  ) 
{  i++;  } 

lub_so_far  =  i; 
i++; 

while  (  i  <  dimension  ) 

{  if  (relation [x]  [i]  ==  1  ft& 
relationCy]  [i]  ==  1  && 
relationCi]  [lub_so_f ar]  ) 

{  lub_so_far  =  i;  > 
i++;  } 

retiim  lub_so_far; 


Chapter  13 

The  Makefile 


#  $Header:  /home/projects2/FMI/EVES/translator/RCS/Hakef ile,vl .27  1996/04/10  21:24:24  davidg  Exp  davidg  $ 

CC=/usr/local/bin/g++ 

L0CAL_CFLAGS=  -g 
RSML^CFLAGS  = 

CFLAGS  =  $(L0CAL„CFLAGS)  $(RSML_CFLAGS) 

NOWEBFILES  =  grajnmar-skeleton.nw  \ 
grammar-prelijninaries  .ng  \ 
initialization. nw  \ 
attribute-declarations.nw  \ 
grammar -product  ions,  nw  \ 
attribute-def initions .nw  \ 
eves.nw  \ 
pvs.nw  \ 
spin.nw 

#  Obsolete:  grammar-bodies  .nw  grammar-traversals.nw 

#  Obsolete:  eves_state.h  eTes_state.cc 

NOWEB^DOCUHENTATION  =  \ 
grammar-skeleton . nw  \ 
grammar-preliminaries . nw  \ 
initialization. nw  \ 
attribut e-declarat ions . nw  \ 
attribute-def initions. nw  \ 
eves.nw  \ 
pvs.nw  \ 
spin.nw 
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AUXILIARY.SKELETON.FILES  =  \ 
_deterministic_max_enabled_set 


GENERATED^SKELETON.FILES  =  \ 

_eves_skeleton  \ 

_spin_skeleton  \ 

„pvs_skeleton 

EVES.THEORIES  =  \ 
real . ver 

#  Omitting  gr ammar-product ions. nw  from  the  "documentation'*  variable 
NOWEB_DOCUMENTATION_FIXED  =  $  (NOWEB.DOCUMENTATION :  •/.=7. .  fixed) 

#  The  .fixed  versions  of  the  noweb  files  will  have  all  _  inside 

#  module  names  escaped  with  a  \ 

TEST^FILES  =  testl  \ 

test2  \ 

tests  \ 

test3~5  \ 

test4 

TEST.TRANSLATIONS  =  \ 
refl  ref 2  ref 3  \ 

REFl  REF2  REFS  REF3-5  REF4  \ 

PVS^REFl  PVS^REF2  PVS^REFS  PVS_REF3-5  PVS^REF4 


TEST^PROOFS  =  proofsl  \ 

proofs2  \ 

proofsS 

#  NOTE:  For  now  not  going  to  be  doing  anything  in  the 

#  Makefile  with  the  INHERITED^CODE  not  even  keeping  it 

#  in  RCS.  I’ll  just  change  all  its  permissions  to  make  it 

#  unwritable. 

IMHERITED.CODE  =  \ 
list.h  \ 
obj  .h 

AUXILIARY^CODE  =  \ 
c^style.h  \ 
c_style.cc  \ 
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conditions.!!  \ 
conditions.cc  \ 
conf iguration.h  \ 
e vent _ value .h  \ 
event. value. cc  \ 
event.value.utilities .h  \ 
event.value.utilities.ee  \ 
eves2. state .h  \ 
eves2.state.ee  \ 
formula.table.h  \ 
fonttula.table.ee  \ 
formula. table. util it ies.h  \ 
formula.table.utilities.ee  \ 
function.def inition.h  \ 
function_definition.ee  \ 
function.def inition.util it ies .h  \ 
f unct ion.def init ion.ut il it ies . cc 
global.table.h  \ 
global.table.ee  \ 
load.h  \ 
load.ee  \ 
main.ee  \ 

misc_utilities.ee  \ 
misc.utilities .h  \ 
pvs.state.h  \ 
pvs.state.ee  \ 
pvs.types.h  \ 
pvs_t5rpes.ee  \ 
rsml.state.h  \ 
rsml_state.ee  \ 
scaled.integer .h  \ 
scaled_integer.ee  \ 
s_exp.ee  \ 
s.exp.h  \ 

s.exp.ut ilities.ee  \ 
s.exp.utilities.h  \ 
simple.list .h  \ 
skeleton.utilities.h  \ 
skeleton_utilities.ee  \ 
s.list.table .h  \ 
s.list _table.ee  \ 
s.list.table.utilit ies.h  \ 
s_list_table_utilities.ee  \ 
spin.state.h  \ 
state.value ,h  \ 
state.value.ee  \ 
state.value.utilities .h  \ 


state_value_utilities.cc  \ 
str.h  \ 
str.cc  \ 

strlist_utilities.h  \ 
strlist_utilities.cc  \ 
table. h  \ 
table, cc  \ 
tagged_table.h  \ 
tagged_table.cc  \ 
t ransition_ value. h  \ 
transit ion_ value. cc  \ 
combinatorics.h  \ 
combinatorics , cc 

RCS_C0NTR0LLED=  \ 

$(NOWEBFILES)  \ 

$(EVES_THEORIES)  \ 

$(TEST_FILES)  \ 

$(TEST_TRANSLATIONS)  \ 

$(TEST_PR00FS)  \ 

$(AUXILIARY_CODE)  \ 

$(AUXILIARY_SKELETON_FILES)  \ 
$(GEHERATED_SKELETON_FILES)  \ 

Makefile  \ 

README  \ 
grammar . 1  \ 
kill_nils  \ 
pretty-print  \ 
translate  \ 
stripped-grammar 

YACC=/usr/local/src/syn/4.1/syn/etc/berkeley/yacc/yacc 
YFLAGS=  -d  -V 


LEX=/usr/local/bin/flex 

LFLAGS=-i 


0X=ox 

0XFLAGS=-I 

LDFLAGS=-lfl 

MY_0BJS=  \ 

lei.yy.o  y.tab.o  s_exp.o  s_exp_utilities.o  \ 
misc_utilities.o  eves2_state. o  load.o  main.o  table. o  \ 
formula_table.o  formula_table_utilities.o  event _value. o  \ 
e vent _value_util it ies.o  conditions. o  pvs_state.o  pvs_types.o  \ 
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fuiiction_def inition.o  function^def inition^utilities .o \ 
scaled^integer.o  global^table.o  state_value.o  rsml_state.o  \ 
combinatorics . o  tr ans it ion_ value. o  s_list_table.o  \ 
statc_value_utilities.o  s_list_table_utilities , o  \ 
c.style.o  strlist^utilities.o  skeleton_utilities.o 


OBJS  =  $(MY,OBJS) 
translator:  $(0BJS) 

$(CC)  -o  translator  $(CFLAGS)  $(0BJS)  $(LDFLAGS) 

grammar. cc:  $(NOWEBFILES)  generated^include^f ile.h  \ 

generated_C_macros  .h  $(GENERATED_SKELETON_FILES) 

notangle  -L'7*  line  XL  of  y,F  */y,N"  $(NOWEBFILES)  >  grammar. cc 

oxout.y  oxout.l:  grammar. cc  grammar. 1 
$(0X)  $(OXFLAGS)  grammar. cc  grammar. 1 

dont  _t  ouch_this . y :  oxout . y 

cat  oxout.y  |  cpif  dont_touch_this.y 

y.tab.c  y.tab.h:  dont_touch„this.y 
$ (YACC)  $ ( YFLAGS)  dont.touch^this . y 

checkout : 

CO  $(RCS.C0N[TR0LLED) 

checkin:  $(RCS^CONTROLLED) 
ci  $(RCS_CONTROLLED) 

weak_checkin:  $(RCS^C0NTR0LLED) 
ci  -u  $(RCS_CONTROLLED) 

iinlocked: 

res  -u  $(RCS_CONTEOLLED) 
clean: 

rm  $(MY_0BJS)  translator  grammar . cc  oxout.y  oxout. 1  \ 
y.tab.c  y.tab.h  lex.yy.c  dont_touch_this.y  \ 
generated_include_f  ile.h  generated.C^macros.h  \ 


cleano : 
rm  $(MY„0BJS) 

%. fixed:  */, 
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cat  $<  I  generating~skeletons/fix_niodule_names> 

documentation:  $(NOWEB^DOCUMENTATION_FIXED)  $(AUXILIARY^CODE)  Makefile  \ 
stripped-graDunar  grammar.  1 

noweave  -1  -n  $(NOWEB_DOCtJMENTATIOM[_FIXED)  >  docs/grammar-cc, tex 
cat  docs/beginverbatim  Makefile  docs/endverbatim  \ 

>  docs/Makef ile.tex 

cat  docs/beginverbatim  stripped-grammar  docs/endverbatim  \ 

>  docs/stripped-grammar .tex 

cat  docs/beginverbatim  grammar.  1  docs/endverbatim  \ 

>  docs/grammar-1. tex 
rm  -f  docs/aux-code.tex 

for  f  in  $(AUXILIARY.CODE);  \ 
do  \ 

titl€=^echo  $$f  I  sed  '’s/./\\\\\\_/g» ‘  ;  \ 
label=‘echo  $$f  I  sed  -e  "s/_/-/g”  \ 

-e  '’s/\./-/g'‘'  ;  \ 

echo  '‘\section{"  $$title  ’'}\label{"  $$label  »  \ 
docs/aux-code.tex;  \ 

cat  docs/beginverbatim  »  docs/aux-code.tex;  \ 
cat  $$f  »  docs/aux-code.tex  ;  \ 
cat  docs/endverbatim  »  docs/aux-code.tex;  \ 
done; 

#  This  used  to  depend  on  opts.h,  but  now  that  stuff 

#  has  been  put  into  grammar-skeleton. nw,  so  into  grammar. cc 

^eves.skeleton:  $(NOWEBFILES) 

notangle  -R"eves  skeleton"  $(NOWEBFILES)  I  \ 

cpif  _eves_skeleton 

_spin^skeleton:  $(NOWEBFILES) 

notangle  -R"spin  skeleton"  $(NOWEBFILES)  |  \ 

cpif  _spin_skeleton 

_pvs„skeleton:  $(NOWEBFILES) 

notangle  -R"pvs  skeleton"  $(NOWEBFILES)  1  \ 

cpif  _pvs_skeleton 

generated.include_f ile.h  :  $(NOWEBFILES) 
notangle  -R"Include  files"  $(NOWEBFILES)  |  \ 
cp if  generat ed_ include_f ile . h 

generated_C_macros.h  :  $(NOWEBFILES) 
notangle  -R"C  Macros"  $ (NOWEBFILES)  |  \ 
cpif  generat ed_C_macr os . h 
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y.tab.o:  y.tab.c 

$(CC)  ~c  $(CFLAGS)  y.tab.c 

lex.yy.c:  oxout.l 
SCLEX)  $(LFLAGS)  oxout.l 

lex.yy.o:  y.tab.h  lex.yy.c 
$(CC)  -c  $(CFLAGS)  lex.yy.c 

main.o:  main.cc 

$(CC)  -c  $(CFLAGS)  main.cc 

#  This  should  now  be  obsolete 

#  opts.o:  opts.cc 

#  $(CC)  -c  $(CFLAGS)  opts.cc 

scaled_integer.o:  scaled^integer .h  scaled^ integer . cc 
$(CC)  -c  $(CFLAGS)  scaled_integer .cc 

St ate_ value . o :  state. value. h  st at e_ value . cc 
$(CC)  -c  $(CFLAGS)  s t ate. value. cc 

state.value.utilities .  o :  st  at  e.  value  .util  it  ies  .h  state.value  .utilities .  cc 
$(CC)  ~c  $(CFLAGS)  state.value.utilities.ee 

s.exp.o:  s.exp.h  s. exp.ee 
$(CC)  -c  $(CFLAGS)  s. exp.ee 

s.exp.utilities.o:  s.exp.utilities .h  s.exp.utilities .cc 
$(CC)  -c  $(CFLAGS)  s_exp.utilities.ee 

str.o:  str.h  str.ee 
$(CC)  -c  $(CFLAGS)  str.ee 

misc.utilities . o:  misc.utilities.h  misc.utilities.ee 
$(CC)  -c  $(CFLAGS)  misc.utilities.ee 

eves2.state.o:  eves2.state.h  eves2_state.ee  misc.utilities.h 
$(CC)  -c  $(CFLAGS)  eves2_state.ee 

global.table . o:  global.table.h  global_table.ee 
$(CC)  -c  $(CFLAGS)  global.table.ee 

rsml.state.o:  rsml_state.hrsml_state.ee  simple.list .h 
$(CC)  -c  $(CFLAGS)  rsml.state.ee 

load.o:  load.h  load.ee 
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$(CC)  -c  $(CFLAGS)  load.cc 


table.©:  table. h  table. cc 
$(CC)  -c  $(CFLAGS)  table. cc 

formula. table.©:  f ©rmula.table.h  formula.table.ee 
$(CC)  ~c  $(CFLAGS)  formula.table.ee 

f  ormula.table.utilit ies .  o :  f  ormula.table.ut ilities ,  h  f  ormula.table.ut ilit  ies .  cc 
$(CC)  ~c  $(CFLAGS)  formula.table.utilities.ee 

function.definition.o:  fuuction.def  inition.h  function.definition.ee 
$(CC)  “C  $(CFLAGS)  function.definition.ee 

function.definition.ut  ilit  ies .  o :  function.definition.ut  ilities .  h  function.definition.ut  ilit  ies .  cc 
$(CC)  -c  $(CFLAGS)  function.definition.utilities.ee 


event.value.o:  event.value.hevent.value.ee  generated.C.macros . h 
$(CC)  -c  $(CFLAGS)  event.value.ee 

event.value.ut  ilit  ies .  o:  event  .value  .util  it  ies.h  event.value.ut  ilit  ies .  cc 
$(CC)  -c  $(CFLAGS)  event.value.utilities.ee 

c ondit  ions .  o :  condit ions ,  h  condit  ions .  cc 
$(CC)  -c  $(CFI.AGS)  conditions.ee 

pvs.state.o:  pvs.state.h  pvs.state.ee 
$(CC)  -c  $(CFLAGS)  pvs.state.ee 

pvs.types.o:  pvs.types.h  pvs.types.ee 
$(CC)  ~c  $(CFLAGS)  pvs.types.ee 

combinatorics.©:  combinatorics .h  combinatorics.ee 
$(CC)  ~c  $(CFLAGS)  combinatorics.ee 

transit  ion.  value .  o :  transit  ion.  value  .h  transit  ion.  value .  cc 
$(CC)  -c  $(CFLAGS)  transition.value.ee 

skeleton.utilit  ies .  o :  skelet  on.ut  ilit  ies  .h  skeleton.ut  ilit  ies .  cc 
$(CC)  ~c  $(CFLAGS)  skeleton.utilities.ee 

s.list . table . o:  s.list.table.h  s.list.table.cc 
$(CC)  -c  $(CFLAGS)  s.list.table.cc 

s.list .table.ut ilities . o :  s.list .table.ut ilities . h  s.list .table.utilities . cc 
$(CC)  -c  $(CFLAGS)  s.list.table.utilit ies.ee 
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tagged_table . o :  tagged^table . h  tagged^table . cc 
$(CC)  “C  $(CFLAGS)  tagged. table.cc 

c.style.o:  c.style.h  c.style.cc 
$(CC)  “C  $(CFLAGS)  c_style.cc 

strlist.utilities.o:  strlist.utilities.h  strlist_utilities.cc 
$(CC)  -c  $(CFLAGS)  strlist_utilities.cc 

test_scaled_integ€r .o:  test.cc 

$(CC)  -c  $(CFLAGS)  test_scaled_integer.cc 

test_scaled_integer:  test_scaled_integer  ,cc  test_scaled_integer  .o  \ 
scaled. integer.©  s.exp.o 

$(CC)  -o  test.program  $(CFLAGS)  test.scaled.integer .  o  \ 
scaled.integer .o  s.exp.o 

test.warshall . o :  test_warshall.cc 
$(CC)  -c  $(CFLAGS)  test_warshall.cc 

test  .war  shall;  test.wcirshall .  cc  test.warshall .  o 
$(CC)  -o  test.warshall  $(CFLAGS)  test.warshall. o 

test.tagged.table . o :  test.tagged.table . cc 
$(CC)  -c  $(CFLAGS)  test.t agged_table.ee 

test.tagged.table:  test_tagged_table.ee  test.tagged.table.© 

$(CC)  -©  test.tagged.table  $(CFLAGS)  test.tagged.table.©  \ 
tagged. table.©  str.©  s.exp.©  scaled.integer.© 

#  DO  NOT  DELETE  THIS  LINE  —  make  depend  depends  on  it. 
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